Left to Our Own Devices Cybellum Technologies LTD

In this special bonus episode, we welcome back Tom Alrich, an expert in supply chain cybersecurity to discuss one of the most pressing issues in cybersecurity right now. Tom discusses the current issues with the National Vulnerability Database (NVD) and the challenges it presents for effective vulnerability management. We explore his proposed solutions and the future of software supply chain security, based on his extensive experience.
If you'd like to reach out to Tom, his email address is tom@tomalrich.com.
Additional links/resources mentioned during the episode or relevant to the discussion (if the links are not clickable please visit cybellum.com/podcasts to find them)
The SBOM Forum's 2022 white paper on fixing the CPE problem in the NVDTom's post from yesterday on the problem with vulnerability managementThe link to the SBOM Forum's website, where donations can be made (please email Tom before donating)An additional post he published on the day we recorded the episode which further highlights the NVD issueTom's book "Introduction to SBOM and VEX" which is out now
Tom also mentioned that he misspoke when he said at the end that the OWASP Vulnerability Database Working Group is meeting twice weekly. In reality, they are only meeting twice monthly, as he can't afford to dedicate more time than that. They would love to meet at least weekly and also create documents, webinars, and more. Therefore, they are seeking some modest donations to support these efforts.

Join us as we dive into the journey of Ashwini Siddhi, Director of Product Security Engineering at GoDaddy. Ashwini shares her experiences from Dell to GoDaddy, her expertise in threat modeling, and the pivotal role of Bengaluru in her career. We also explore her advocacy for diversity and inclusion in cybersecurity and her influential mentorship with Women in Cyber. 

We sat down with Scott Sheahan, the owner of Rustic Security, to learn from his rich background in the automotive cybersecurity world and embedded software development.

We sat down with a System Security Architecture Manager at NVIDIA, to discuss the convergence of Automotive cybersecurity and AI, as well as NVIDIA's Morpheus Cybersecurity Framework.

We sat down with the Sr Director of Cyber Security & Medical Device Connectivity Engineering at ICU Medical to discuss medical device cybersecurity, FDA, and balancing innovation and security.

In this episode, we talk to Steve Orrin, Chief Technology Officer and Senior PE at Intel Federal, about his unique journey from biology to cybersecurity leadership. We discuss the main challenges faced by federal bodies in the cybersecurity landscape and how they differ across industries like Aerospace, Education, and Healthcare.
Steve shares valuable insights on product cybersecurity, emphasizing the growing interest from governments worldwide, as seen in regulations like the FDA Premarket Guidance and the Cyber Resilience Act. He offers advice to vendors, suppliers, and users on navigating this evolving regulatory landscape.