Ben Crenshaw, MSCIA’s Post

I'm looking forward to this talk, especially "Quantum Computing: The Cybersecurity Apocalypse or the Next Great Leap", at the ISSA LasVegas Meeting.

This message is for all the people at Pacific Northwest National Laboratory Idaho National Laboratory and Office of Cybersecurity, Energy Security, and Emergency Response (CESER) Southern Company IEEE Power & Energy Society and Cybersecurity and Infrastructure Security Agency Hitachi Energy Schneider Electric that were claiming SBOM is immature during a recent webinar https://lnkd.in/eNryEx2T Here is a little ground truth, using empirical data, that SBOM is mature enough today to provide value to software consumers. The CISA SBOM-a-Rama held in Denver September 2024 had over 500 attendees with approximately 200 on site in person; https://lnkd.in/eErG382g CISA statement about SBOM-a-Rama: "Thank you so much to those of you who were able to participate in the CISA SBOM-a-rama. We were blown away by the level of interest and the engagement, from a host of different perspectives, and from leaders around the world." Day 1 slides are available here: https://lnkd.in/efs88JCA There were over 20 SBOM product vendors demonstrating their SBOM solutions during the CISA SBOM-a-Rama; https://lnkd.in/emfNanW4 Just a reminder - INL CIE recommends use of SBOM, see principle 9. It can't be that immature if INL is recommending it be used for CIE implementation; https://lnkd.in/eR7JFbDh The EU Cyber Resilience Act 2024 contains guidance on the use of SBOM; https://lnkd.in/eYPrFcZr "(77) In order to facilitate vulnerability analysis, manufacturers should identify and document components contained in the products with digital elements, including by drawing up an SBOM." NIST best practices for supply chain risk management recommend the use of SBOM https://lnkd.in/gPDbwhiX FDA requires SBOM for medical devices: https://lnkd.in/eg4bzA6k formal guidane is contained in the FDA reference document: https://lnkd.in/en_4ApBd "An SBOM helps facilitate risk management processes by providing a mechanism to identify devices and the systems in which they operate that might be affected by vulnerabilities in the software components, both during development when software is being chosen as a component and after it has been placed into the market throughout all other phases of a product’s life.47 CISA's own Secure by Design Software Acquisition Guide recommends the use of SBOM, https://cisa.gov/sag Would all of these parties be recommending SBOM if it was as immature as the DOE SBOM webinar speakers want you to believe? The DOE SBOM webinar was total FUD; https://lnkd.in/eNryEx2T Find the truth about SBOM maturity by referring to all the recommendations to apply SBOM listed above and talk with people working on SBOM implementations from the SBOM Communities, SPDX and CycloneDX. Even Microsoft Copilot knows the truth: "In summary, SBOMs have reached a level of maturity that makes them a valuable tool for enhancing software supply chain security today. However, like any technology, they continue to evolve and improve over time."

Had a wonderful time talking about the aspects of securing Digital Data Estate End-to-End. The discussion involved the current state of cyber, how to approach data security & privacy in tandem, supply chain attacks, and the major challenges of securing the digital data estate. Thanks to co-panelists Anand Jethalia, Tanin Chakraborty, and our moderator Hemanshi Tewari. I hope you find it useful. My specific responses are at 2:29, 10:03, 17:01 #cybersecurity #GenAI #Data #Privacy #DigitalTransformation

📢 #Infosec2024: Why Businesses Need to Boost Digital Trust Ameet Jugnauth CRISC, CGEIT, vice president of ISACA London Chapter, was interviewed by James Coker, deputy editor of Infosecurity Magazine, at Infosecurity Europe, discussing ISACA’s State of Digital Trust 2024. The report offers advice for security leaders on improving digital trust, and highlights the importance of governance, risk, and compliance. Watch the full interview 👉 https://lnkd.in/g7K9BrUE #DigitalTrust #Cybersecurity #InfoSecEurope #GRC

🎉 ENCRYPT's third plenary meeting in Rome was a success! 🚀 Discussions on privacy-preserving technologies, collaboration with GLACIATION project and future plans marked the event. Read more at our press release: https://shorturl.at/NofcW #ENCRYPT #Cybersecurity #DataPrivacy

If you are a member of the GSCPA or a subscriber to their Current Accounts publication, check out my article on the SEC Cybersecurity Disclosure Rule in the Sept/Oct edition. I hope it provides some helpful insight on the rule and its call for increased transparency in cybersecurity incidents. https://lnkd.in/eRB3C59N

Cybersecurity defines the future of our digital world. Yet with women making up only 9% of Africa’s cybersecurity workforce, the field is operating at a critical deficit. The stakes are high, and the time to act is now. The Championher Global Cybersecurity Conference will ignite a movement. This isn’t just a conference—it’s your chance to lead, to rewrite the narrative, and to join the frontline of change. For two days, immerse yourself in a world where you’ll gain the skills to tackle today’s biggest cyber threats, connect with the power players shaping global policy, and take your place in building a more secure, inclusive future. This year’s theme, “𝘊𝘩𝘢𝘮𝘱𝘪𝘰𝘯𝘪𝘯𝘨 𝘏𝘦𝘳: 𝘐𝘯𝘯𝘰𝘷𝘢𝘵𝘪𝘯𝘨 𝘊𝘺𝘣𝘦𝘳𝘴𝘦𝘤𝘶𝘳𝘪𝘵𝘺 𝘧𝘰𝘳 𝘢 𝘚𝘵𝘳𝘰𝘯𝘨𝘦𝘳 𝘋𝘪𝘨𝘪𝘵𝘢𝘭 𝘍𝘶𝘵𝘶𝘳𝘦” isn’t just a message. It’s a mission. Don’t just watch the future unfold—shape it. Follow Championher Global Cybersecurity Conference for insider updates, and secure your spot now before it’s gone. Register Through The Link: https://lnkd.in/gwevGx4N #ChampionHer #Cybersecurity #WomenInTech #AfricaInnovates

If your plans for 2025 include improved technology, the quiet time in January is a great chance to get set up. Learn more about the reasons to start your search for an Association Management System (AMS) now, and the benefits in the long run. https://hubs.ly/Q02NkTKT0

If you're in the South Texas area and are in the Cybersecurity or IT community, check out this free event to learn from other industry professionals. #cybersecurity #highered #infosec #event #cybersecurityawareness #IT

As #cyberattacks hit record highs, today's businesses need proven solutions that keep data secure and recoverable — when they need it most. Join Commvault on March 13 at 1 p.m. ET to see how Commvault's next-generation #CyberResilience platform can help empower your customers with rapid, reliable and clean data recoverability. Topics will include the importance of malware-free environments, the benefits of cloud-ready restores, and how Commvault mitigates advanced cyber threats for businesses of every size. Don't miss out! Register now to secure your spot: http://arw.li/6049XYo1S