

Redefining CyberSecurity
Sean Martin, ITSPmagazine
Redefining CyberSecurity Podcast
Hosted by Sean Martin, CISSP
Have you ever thought that we are selling cybersecurity insincerely, buying it indiscriminately, and deploying it ineffectively?
For cybersecurity to be genuinely effective, we must make it consumable and usable. We must also bring transparency and honesty to the conversations surrounding the methods, services, and technologies upon which businesses rely. If we are going to protect what matters and bring value to our companies, our communities, and our society, in a secure and safe way, we must begin by operationalizing security.
Executives are recognizing the importance of their investments in information security and the value it can have on business growth, brand value, partner trust, and customer loyalty.
Together with executives, lines of business owners, and practitioners, we are Redefining CyberSecurity.
Episodes

Apr 1, 2023 • 37min
A CISO Is Like a Cyber First Responder | Leadership Insights from Successful Cybersecurity Executives Nicole Darden Ford and Aric Perminter | Redefining CyberSecurity Podcast With Sean Martin
Guests:
Nicole Darden Ford is Vice President, Global Information Security and Chief Information Security Officer at Rockwell Automation [@ROKAutomation]
On LinkedIn | https://www.linkedin.com/in/nicole-darden-ford/
On Twitter | https://twitter.com/Nicoledgray
Aric K. Perminter, Founder & Chairman of Lynx Technology Partners [@LynxPartners] and Board Member at International Consortium of Minority Cybersecurity Professionals (ICMCP) / Cyversity [@OneCyversity]
On LinkedIn | https://www.linkedin.com/in/aricperminter/
On Twitter | https://twitter.com/aricperminter

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Edgescan | https://itspm.ag/itspegweb

Episode Notes
In this podcast episode, Sean Martin, the host of the Redefining CyberSecurity Podcast, speaks with Nicole Darden Ford, the Vice President, Global Information Security, and Chief Information Security Officer at Rockwell Automation, and Aric Perminter, Founder & Chairman of Lynx Technology Partners, about the role of a Chief Information Security Officer (CISO) ranging from business defense to national security.

The trio discusses the importance of understanding what is being protected and why it is important in industries such as healthcare, retail, banking, and critical infrastructure. They also talk about the need for cybersecurity professionals to be like cyber first responders and the importance of communicating risk in a financial context. Additionally, the conversation delves into the pressures and hardships that come with being a CISO and how those that take on the role can maintain a positive attitude and feel good about the work they do.

Both Nicole and Aric emphasize the importance of caring for one's team, being personable, and having the passion and courage to do what is necessary to protect an organization's data and infrastructure. They also share stories of successful initiatives they have undertaken as CISOs, such as uplifting the competency and training program for a cybersecurity team and enabling a team to work from home during the COVID-19 pandemic.

Overall, the conversation sheds light on the complex and challenging role of a CISO and the importance of effective cybersecurity leadership for the benefit of the team, the program, and the organization.

Enjoy the conversation! And don't forget to subscribe and share!

Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist
📺 https://www.youtube.com/playlist?list=PLnYu0psdcllQZ9kSG7X7grrP_PsH3q3T3
ITSPmagazine YouTube Channel
📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!

Resources
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
Watch the webcast version on-demand on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Mar 30, 2023 • 33min
Unveiling Tomorrow's Cybersecurity Game-Changers | ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA | A Conversation with Cecilia Murtagh Marinier
Guest: Cecilia Murtagh Marinier, Cybersecurity Advisor - Strategy, Innovation & Scholars at RSA Conference [@RSAConference]
On LinkedIn | https://www.linkedin.com/in/cecilia-murtagh-marinier-14967/
On Twitter | https://twitter.com/CMarinier

Hosts
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

This Episode’s Sponsors
BlackCloak | https://itspm.ag/itspbcweb

Episode Notes
Welcome to another thrilling episode of ITSPmagazine's RSA Conference US 2023 Coverage Podcast, hosted by Sean and Marco. In today's episode, we dive into an engaging conversation with Cecilia Marinier from the RSA Conference, who is responsible for managing the suite of innovation programs, and those aimed at college students. This captivating discussion will give you a deeper understanding of the exciting things happening in the world of cybersecurity innovation.

Cecilia shares insights into the Innovation Sandbox contest, an 18-year-old cornerstone event of the conference that has seen billions of dollars of investments and produced numerous successful companies. With a 150% increase in submissions this year, the top 10 companies have been announced, showcasing a diverse range of backgrounds and problem-solving approaches.

In addition to the Innovation Sandbox, we learn about Launchpad, an event that focuses on earlier stage startups, where three entrepreneurs pitch to venture capitalists. The venture capitalists themselves come from varied backgrounds, bringing unique perspectives and valuable questions to the table.

We also explore the Early Stage Expo, where 50 startups showcase their solutions, and a series of informative content sessions aimed at those interested in becoming entrepreneurs. The RSA Conference is committed to innovation, and this episode highlights the passion and excitement behind it.

Join Sean and Marco as they ask Cecilia about the criteria for selecting participants for the Innovation Sandbox and Launchpad events. We discover the importance of having a strong team, a novel approach to solving a problem, and the ability to demonstrate the potential for significant market impact.

If you're eager to learn about the future of cybersecurity innovation, this conversation is a must-listen. Don't miss out on this episode packed with valuable insights, and be sure to share it with others, subscribe to the podcast, and join us for more captivating discussions.

Resources
Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw

Catch the video here: https://youtu.be/U7B_wUN8Pe8
For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage
Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage?
👉 https://itspm.ag/rsac23sp
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships
To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast

Mar 28, 2023 • 44min
Safeguarding the C-Suite | Pioneering the Future of the Executive Digital Protection Revolution | A Their Story Conversation from RSA Conference 2023 | A BlackCloak Story With Chris Pierson and Daniel Floyd
Welcome to another exciting episode of our podcast, where we dive into the fascinating world of cybersecurity and explore the challenges faced by businesses and individuals alike. Today, we have an extraordinary story to share, one that sheds light on the ever-evolving landscape of cyber threats and the innovative solutions being developed to protect us. We're talking about BlackCloak, a cutting-edge cybersecurity company that's changing the game when it comes to digital executive protection. So buckle up, sit back, and prepare to be amazed as we unravel the incredible story of BlackCloak and its mission to safeguard the digital lives of corporate executives and high-profile individuals. And don't forget to subscribe and share our show so that you and your network can stay ahead of the curve in this rapidly changing world of cybersecurity.

In today's episode, we're joined by BlackCloak's co-founder, Dr. Chris Pierson, and their Chief Information Security Officer, Daniel Floyd. Both of these experts bring decades of experience in system architecture, security operations, and cybersecurity strategy to the table. As they discuss the unique challenges faced by executives and their families in the age of remote work, it becomes apparent that traditional cybersecurity measures are no longer enough.

The conversation delves into the critical need for digital executive protection that extends beyond the four walls of a company. This is where BlackCloak steps in, providing comprehensive protection for executives and their families in their personal lives without infringing on their privacy. The aim is to create a hardened target around these high-profile individuals and their loved ones, safeguarding their homes, devices, and personal data from malicious cybercriminals.

As our guests share real-world examples of high-profile breaches, such as Twilio and Uber, it becomes evident that the personal lives of executives are increasingly becoming the soft underbelly of companies' cybersecurity defenses. By targeting executives through phishing attacks and exploiting their personal devices, cybercriminals are finding ways to bypass corporate security measures and access sensitive information.

In response to these evolving threats, BlackCloak offers an innovative solution that bridges the gap between corporate and personal cybersecurity. By taking a proactive approach and addressing the unique challenges faced by executives and their families, BlackCloak is redefining digital protection and shaping the future of cybersecurity as we know it.

Don't miss out on this thrilling episode as we delve into the cutting-edge world of BlackCloak and learn how they're revolutionizing the way we think about cybersecurity. Remember to subscribe to our show and share it with your friends and colleagues so that everyone can stay informed and protected in this ever-changing digital landscape.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guests:
Chris Pierson, Founder and CEO of BlackCloak [@BlackCloakCyber]
On Linkedin | https://www.linkedin.com/in/drchristopherpierson/
On Twitter | https://twitter.com/drchrispierson
Daniel Floyd, CISO of BlackCloak [@BlackCloakCyber]
On Linkedin | https://www.linkedin.com/in/daniel-n-floyd/

Resources
Learn more about BlackCloak and their offering: https://itspm.ag/itspbcweb
Connect with BlackCloak during RSA Conference: https://itspm.ag/blackcvnk8
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Mar 22, 2023 • 46min
What to Expect At RSA Conference USA 2023 | ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA | A Conversation with Linda Gray Martin and Britta Glade
Guests
Linda Gray Martin, Vice President at RSA Conference [@RSAConference]
On LinkedIn | https://www.linkedin.com/in/linda-gray-martin-223708/
On Twitter | https://twitter.com/LindaJaneGray
Britta Glade, Senior Director, Content & Curation at RSA Conference [@RSAConference]
On LinkedIn | https://www.linkedin.com/in/britta-glade-5251003/
On Twitter | https://twitter.com/brittaglade

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

This Episode’s Sponsors
BlackCloak | https://itspm.ag/itspbcweb

Episode Notes
We are thrilled to kick off our event coverage with our traditional first Chats On The Road to RSA Conference 2023, chatting with our good friends as they give us the latest and greatest for what we can expect at this year's event.

Listen in to hear more about the theme, keynotes, sessions, speakers, expo hall, community events, and so much more. And, yes, we decided to capture this one on video too, so be sure to give that a watch for a funny moment as well.

Tune in and be sure to join us for all of our coverage coming to you before, from, and after RSA Conference USA 2023!

Resources
Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw

Catch the video here: https://www.youtube.com/watch?v=Htvn7AkCJSs

Mar 18, 2023 • 54min
Cloud Security for the Next Generation of Companies | A Conversation with Taylor Hersom and Ashish Rajan | Redefining CyberSecurity Podcast With Sean Martin
Guests:
Taylor Hersom, Founder at Eden Data [@edendatainc]
On LinkedIn | https://linkedin.com/taylorhersom
On Twitter | https://twitter.com/taylorhersom
Ashish Rajan, CISO, CyberSecurity Influencer, SANS [@SANSInstitute] Trainer for Cloud Security, and Host of the Cloud Security Podcast [@CloudSecPod]
On LinkedIn | https://www.linkedin.com/in/ashishrajan/
On Twitter | https://twitter.com/hashishrajan
On TikTok | https://www.tiktok.com/@hashishrajan
On YouTube | https://www.youtube.com/channel/UCRrWf6aQnFbdS7WRlv_o0Tw

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Edgescan | https://itspm.ag/itspegweb

Episode Notes
Join Sean, Ashish, and Taylor, as they discuss the evolution of cloud computing, cloud security, and their experiences in the field. The conversation explores the different types of cloud services, the shift from on-premises to cloud infrastructure, and the growing need for professionals with specific cloud security knowledge.

The guests address the challenge of shadow IT, where people within an organization use cloud services without the knowledge of the IT team or leadership. They stress the importance of collaboration, focusing on a "security champions" program that bridges the gap between security professionals and developers. They emphasize building security from the beginning rather than patching holes later and highlight the importance of adapting to the ever-changing landscape of cloud security.

They also discuss the use of ChatGPT as a learning tool, its potential impact on the security community, and its potential benefits and risks, exploring the possibility of using ChatGPT for compliance and its impact on external auditors. While acknowledging the potential benefits of ChatGPT, they caution against overreliance on technology and stress the importance of maintaining critical thinking, problem-solving, and respect within the security community.

The podcast concludes with an emphasis on the importance of culture, collaboration, and trust in cybersecurity. The guests note the role of security champions programs in bridging knowledge gaps and highlight the need to customize security frameworks like NIST for specific IT environments. They touch on the softening stigma around cybersecurity and point out that people already practice security in their daily lives, encouraging them to apply the same mindset to their digital work.

Listen up and comment on this episode to share your thoughts with the community.

Resources
Cloud Security Podcast: https://www.cloudsecuritypodcast.tv

Mar 8, 2023 • 50min
National Guard as a Cyber Defense Organization | A Conversation With Dr. Hunter LaCroix and Marco Ciappelli | Redefining CyberSecurity Podcast With Sean Martin
Guests:
Dr. Hunter LaCroix, Adjunct Professor, University of Maryland Global Campus [@umdglobalcampus] and EMT Firefighter Rescue Technician Hazmat Specialist, State of Maryland [@StateMaryland]
On LinkedIn | https://www.linkedin.com/in/hunter-l-035498234/
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a

Episode Notes
In this episode of the Redefining CyberSecurity Podcast, Sean Martin is joined by Dr. Hunter LaCroix and Marco Ciappelli to discuss the intersection of emergency management and cybersecurity. Dr. LaCroix argues that there is a significant disconnect between the two areas, with emergency management professionals not considering cyber attacks as a true area of disaster. This is despite increasing cybercriminal activity targeting local and state governments and their supporting critical infrastructure. The conversation points out that there is a need for a cyber capability that develops around the physical disaster response framework, similar to the response we often see when a natural disaster occurs.

States such as Ohio and California have implemented cybersecurity volunteer reserves and cybersecurity watch centers, respectively. The National Guard units also assist local entities during cyber incidents and play a vital role in emergency management relationships. Pre-existing relationships with the National Guard can be leveraged and building public-private partnerships is critical in cybersecurity incident response. The private sector and cybersecurity professionals trust the National Guard to be a leader in local and state cybersecurity incident response. Still, there is a widespread problem at the local and state level of operations and a lack of broader implementation and utilization of these services.

Dr. LaCroix has written about this topic, with a book being published shortly. You can read the abstract for the book below.

Book Abstract
Cybersecurity is a national priority for the Homeland Security enterprise. Yet, despite a prioritization at the federal level, municipal and state governments have struggled to incorporate the National Guard in cyber incident response. Cyber incidents strain municipalities and states, which have spent significant resources to mitigate cyber threats. The glaring gap in the National Guard’s role in municipal and state cyber incident response warrants two key questions as to why the National Guard isn’t more readily used. “Is it cost prohibitive to use National Guard assets when compared to private entities?” Or “is there an underlying sociological disconnect regarding the National Guard’s role in cyber disaster when compared to physical disasters?” Both questions and the National Guard’s role have largely been under-examined by Homeland Security professionals and academia requires additional examination.

This dissertation seeks to study via a sequential mixed method approach answers to both questions. First, using a quantitative analysis method examining case studies this study seeks to examine if “it is less expensive for municipal and state governments to use the National Guard instead of private sector assistance for cyber incident responses?” Sequentially if it is less expensive, this dissertation seeks to utilize a survey-based questionnaire from associations of National Guard and Emergency response personnel to answer, “are there underlying sociological misperceptions that contribute to National Guard’s underutilization for cyber disasters when compared to their role in traditional disaster response?” This study achieved complementing results: with quantitative testing affirming the initial hypothesis regarding the National Guard’s cost effectiveness versus private sector entities in case studies examined. This led to qualitative studies using surveys to examine possible misperceptions of the National Guard’s role in cyber incident response for municipal and state level operations. Surveys revealed both a lack of understanding and disconnect between the National Guard’s role in cyber incident response when compared to its normal role in physical disasters. This research creates opportunity and future growth for Homeland Security professionals to prioritize the understanding and growing role of the National Guard for public and private enterprise at the municipal and state level of cyber incident response.

Resources
Book: Coming (Date: TBD)

Mar 2, 2023 • 50min
Overcoming the 5 Areas Where CISOs Tend to Struggle | Discussing the Biggest Mistakes CISOs are Making | A Crucial Conversation With Matthew Rosenquist
Community Member Contributor: Matthew Rosenquist, CISO at Eclipz.io
On LinkedIn | https://www.linkedin.com/in/matthewrosenquist/
On Twitter | https://twitter.com/Matt_Rosenquist
On Medium | https://matthew-rosenquist.medium.com/

Hosts
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Description
Organizations are asking a lot of their CISOs—from protecting internal digital assets to verifying the security postures of customers and partners, managing cyber insurance and compliance requirements, and acting fast anytime a security issue arises (real or otherwise). Taking on this challenge is made more difficult by the five areas in which CISOs tend to struggle—leadership, strategic thinking, optimizing for threats, promoting teamwork, and maximizing value. In this post from the Blue Lava Community, Matthew Rosenquist, the CISO at Eclipz.io, examines these five areas and presents strategies CISOs can apply to overcome the common mistakes made to instead provide cybersecurity value that can be measured in business terms at the C-suite table.

LinkedIn Post: Five Biggest Mistakes of Cybersecurity Programs

For more podcasts from Crucial Conversations with The Blue Lava Community, visit: https://www.itspmagazine.com/crucial-conversations-podcast
To access the full collection of Blue Lava Community resources, visit: https://itspm.ag/blclog22
To learn more about Blue Lava, visit: https://itspm.ag/blue-lava-w2qs

Feb 24, 2023 • 43min
Evolution of the CISO | A Conversation With Patricia Muoio | Redefining CyberSecurity Podcast With Sean Martin
Guest: Patricia Muoio, Ph.D, General Partner, SineWave Ventures [@SineWaveVC]
On LinkedIn | https://www.linkedin.com/in/patricia-muoio-10037775/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a

Episode Notes
The Chief Information Security Officer's (CISO's) role in an enterprise is challenging due to ambiguity around security requirements, lack of clear understanding of security as a business imperative, and the increasing complexity of technology. Placing the CISO closer to engineering and IT can help make better recommendations and choices but may require additional views of risk management alongside other types of business risks.

This conversation highlights the changing role of CISOs in companies and suggests that a need for multiple CISOs (or sub-CISOs) to manage different aspects of security may be on the horizon, something startups may not be ready for but should begin to prioritize during the early build stage if they are to avoid costly situations later.

Resources
Podcast: CISO Stories Recounted By The World's First CISO | A Conversation With Steve Katz: https://itspmagazine.simplecast.com/episodes/ciso-stories-recounted-by-the-worlds-first-ciso-a-conversation-with-steve-katz

Feb 23, 2023 • 40min
The Impact Of Log4j Since Its Disclosure | Steps Businesses Can Take To Maintain Software Supply Chain Security | Part 2 Of 2 | An Imperva Brand Story With Peter Klimek
In this second episode, we take a closer look at Log4j and the business and operations impacts it had on organizations faced with attacks against the vulnerability. We also get to hear about some successful measures Imperva customers used to mitigate the impact of Log4j, and take that to the next level with some actionable steps companies can take to prepare for other supply chain vulnerabilities.

Note: This story contains promotional content. Learn more.

Guest: Peter Klimek, Director of Technology - Office of the CTO at Imperva [@Imperva]
On LinkedIn | https://www.linkedin.com/in/peter-klimek-37588962/

Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Blog: Log4j: One Year Later
Solution page: Stopping software supply chain attacks
Learning center: Supply Chain Attack
Learning center: Zero-day (0day) exploit
National Telecommunications and Information Administration: Software Bill of Materials
National Telecommunications and Information Administration: Vulnerability-Exploitability eXchange
Podcast Part 1 of 2: https://redefining-cybersecurity.simplecast.com/episodes/the-impact-of-log4j-since-its-disclosure-steps-businesses-can-take-to-maintain-software-supply-chain-security-part-1-of-2-an-imperva-story-with-gabi-stapel

Feb 16, 2023 • 23min
The Impact Of Log4j Since Its Disclosure | Steps Businesses Can Take To Maintain Software Supply Chain Security | Part 1 Of 2 | An Imperva Brand Story With Gabi Stapel
The December 2021 Log4j vulnerability was a major event in the cybersecurity world. When it was released and exposed to the internet, it caused an explosion in attacks with five and a half million attacks per day and up to 25,000 sites attacked per hour. Any system running the affected version of the Java library and its lookup feature could be at risk, even if it is only exposed internally to insiders. The attackers initially used scanning and checking to see which sites were vulnerable, and then it was automated. Attack tools were created to make it easier for attackers to reach as many targets as possible. Public awareness campaigns have been effective, but vulnerabilities can reappear due to the prevalence of the software. 72% of organizations still had some level of vulnerability to Log4j as of October 2022.

As captured in this episode, remediation is not a one-and-done solution, as seen with Log4j, where organizations would fix the problem, and then it would come right back due to the prevalence of the software and how deep it went. The importance of API security is emphasized since 15% of the numbers were coming from APIs. Checking and documenting new things added to the system is crucial to maintaining proper documentation and staying on top of remediation. In short, software supply chain security is critical.

Note: This story contains promotional content. Learn more.

Guest: Gabi Stapel, Content Manager @ Imperva Threat Research [@Imperva]
On LinkedIn | https://www.linkedin.com/in/gabriella-stapel/
On Twitter | https://twitter.com/GabiStapel

Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Blog: Log4j: One Year Later
Solution page: Stopping software supply chain attacks
Learning center: Supply Chain Attack
Learning center: Zero-day (0day) exploit
National Telecommunications and Information Administration: Software Bill of Materials
National Telecommunications and Information Administration: Vulnerability-Exploitability eXchange