OODA Loop

Understand tomorrow, today.

Leading Cyber Change: Allan Friedman on the Revolution of SBOM & Future Cybersecurity Initiatives

OODAcast / by

Allan Friedman is a senior strategist at CISA (the Cyber Security and Infrastructure Security Agency) where he coordinates all of their cross-sector activities on the topic of SBOM: The Software Bill of Materials.

Allan is widely known as a change agent in both the public and private sector. In government he led initiatives that created positive change in major community-wide initiatives around vulnerability disclosure and vulnerability management. He also championed efforts that made dramatic improvements in the ability to reduce risk due to the proliferation of Internet of Things devices including championing ways to keep these devices patched in the field. Now at CISA his SBOM efforts have produced action across a sector that few other initiatives have.

We discuss:

– What executive leaders need to know about SBOM and how to explain its benefits to any non-technical executive.

– How a small team can establish a vision and make change across government, industry and academia.

– What new initiatives may be coming that will support needs of the security and technology communities.

Podcast Version:

Related Reading:

Technology Convergence and Market Disruption: Rapid advancements in technology are changing market dynamics and user expectations. See: Disruptive and Exponential Technologies.

Corporate Board Accountability for Cyber Risks: With a combination of market forces, regulatory changes, and strategic shifts, corporate boards and their directors are now accountable for cyber risks in their firms. See: Corporate Directors and Risk

Geopolitical-Cyber Risk Nexus: The interconnectivity brought by the Internet has made regional issues affect global cyberspace. Now, every significant event has cyber implications, making it imperative for leaders to recognize and act upon the symbiosis between geopolitical and cyber risks. See The Cyber Threat

Challenges in Cyber “Net Assessment”: While leaders have long tried to gauge both cyber risk and security, actionable metrics remain elusive. Current metrics mainly determine if a system can be compromised, without guaranteeing its invulnerability. It’s imperative not just to develop action plans against risks but to contextualize the state of cybersecurity concerning cyber threats. Despite its importance, achieving a reliable net assessment is increasingly challenging due to the pervasive nature of modern technology. See: Cyber Threat

About Bob Gourley

Bob Gourley is an experienced Chief Technology Officer (CTO), Board Qualified Technical Executive (QTE), author and entrepreneur with extensive past performance in enterprise IT, corporate cybersecurity and data analytics. CTO of OODA LLC, a unique team of international experts which provide board advisory and cybersecurity consulting services. OODA publishes OODALoop.com. Bob has been an advisor to dozens of successful high tech startups and has conducted enterprise cybersecurity assessments for businesses in multiple sectors of the economy. He was a career Naval Intelligence Officer and is the former CTO of the Defense Intelligence Agency.