Never Miss An Episode | Subscribe Now
Shows
ShopAboutWork With Us
Never Miss An Episode | Subscribe Now

May 11, 2022

All About SBOMs w/ Chris Castaldo

by Cyber Ranch

Listen Now

test
All About SBOMs w/ Chris Castaldo

May 11, 2022 Cyber Ranch

00:00:00

Show Notes

“Knowing what’s in your software, in your organization, can help you quickly determine if you are impacted by a new vulnerability.” - Chris Castaldo 

In this episode, Allan is joined by author and CISO, Chris Castaldo, to share his knowledge on Software Bills of Materials (SBOMs) and their potential implications and use. Chris explains the concept and purpose of SBOMs, his tips for signing and securing SBOMs in terms of the CI/CD pipeline, and his thoughts on SBOMs being a roadmap for “bad guys.” Lastly, he shares advice on managing and understanding contracts. 

Listen to Chris Castado’s previous Cyber Ranch episode here and be sure to grab a copy of his book

 

Guest Bio:

Chris Castaldo is the author of “Start-up Secure: Baking Cybersecurity into your Company from Founding to Exit”. He is an experienced and industry recognized CISO with over 20 years of experience in cybersecurity. Chris is an expert in building cybersecurity programs from the ground up and specializes in applying cybersecurity in start-ups from seed to exit. He is also a Visiting Fellow at the National Security Institute (NSI) at George Mason University's Antonin Scalia Law School.

 

Links:

Sponsored by our good friends at  Axonius

Stay in touch with Chris Castaldo on LinkedIn

Follow Allan Alford on LinkedIn and Twitter

Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store 

Continue this conversation on our Discord

Listen to more from the Hacker Valley Studio and The Cyber Ranch Podcast

 

Read more

Recent Episodes

View All

March 29, 2023

CISO vs. Individual Contributor Perspectives w/ William Klusovsky

by Cyber Ranch

Becoming a CISO means changing a lot of perspectives.  Individual contributors need to learn this, and the CISO is the best one to teach them.  "They're never going to get it!" is a mantra used by both sides of that dialogue, and that is not a soluti...

Listen Now
March 22, 2023

How to Trust Your Vendors - A Scary Case Study with Paul Moreno

by Cyber Ranch

This episode is a story about an entire vendor encounter gone horribly wrong.  Allan is joined by Paul Moreno, VP of InfoSec at Catawii, formerly SVP of Cybersecurity at Adyen, investor and advisor.  Paul found a cybersecurity vendor.  Paul found goo...

Listen Now
March 15, 2023

Tech Teams, GRC Teams, and the CISO with Dr. Mike Brass

by Cyber Ranch

Join Allan and Dr. Mike Brass (whose degree is in archaeology!) as they jointly explore the technical side of the house vs. the GRC side of the house, noting that GRC can be a great path to CISO. Hear Mike's journey from IT technician to GRC to CISO....

Listen Now
March 8, 2023

How Do We Embrace Imperfection with Robin Sundaram

by Cyber Ranch

We have this idea that we can be perfect.  And we know that idea is unsound.  So we settle for imperfection.  But are we doing that purposefully?  Do we have a conscious plan for embracing imperfection?  How can we, as cyber professionals, embrace ou...

Listen Now
March 1, 2023

Technical Case vs. Business Case with Omkhar Arasaratnam

by Cyber Ranch

In this episode, Allan is joined by Omkhar Arasaratnam, a force in the industry and an expert in the intersection of software and security (you may remember Omkhar from an earlier show about supply chain security). They challenge each other to a game...

Listen Now
February 22, 2023

The Implications of ChatGPT and AI with Shaun Marion and ChatGPT

by Cyber Ranch

Join Allan, Shaun Marion (CISO of McDonald's) and ChatGPT itself for a lively conversation about the implications of this new tool, AI in general, and nuances about ChatGPT's usage. Even after controls were put into place to prevent ChatGPT from help...

Listen Now
February 15, 2023

Breach Communications with Heather Noggle

by Cyber Ranch

How important are communications after your company has been breached?  They can make or break customer perception, and the perception of the world.  Bad communications are perceived as bad intent. Joining Allan this week is Heather Noggle, owner of ...

Listen Now
February 8, 2023

BISO Bonanza with Ann Hines, James Binford and Matt Winkeler

by Cyber Ranch

Do you want to be a CISO one day?  Are you a CISO today who wants to strengthen your ties into the rest of the business?  The Business Information Security Officer (BISO) role is one you should explore. The role can vary quite a bit, as you will hear...

Listen Now
February 1, 2023

Developing and Fostering Good Leadership with Joey Rachid and Scott Moser

by Cyber Ranch

Joining Allan today are two folks who are passionate about leadership – not just practicing good leadership, but instilling good leadership in future generations.  Joey Rachid is CISO in the ecommerce and financial services industry, is on advisory b...

Listen Now
January 25, 2023

Are We Protecting People, Data, or Business? with Nipun Gupta

by Cyber Ranch

This week Allan is joined by Nipun Gupta, and industry veteran who has been a consultant, practitioner, vendor, advisor and investor. The topic is "What are we really protecting in cyber?" and the nuances of that question are explored in depth - as w...

Listen Now