ISSA Sacramento Chapter Meeting, Friday, 1/21/2021, 11:30a-1:00p

It is too early to know if we will be able to offer an in-person meeting. Check back later to find out. If we can only have a virtual meeting, or if we offer a hybrid in-person/virtual meeting, Zoom meeting details will be emailed to everyone who registers for the meeting (see below) at least an hour before the meeting starts at 11:30am PDT. (If you register later than 10:30am the day of the meeting, or fail to register at all, you may not get the Zoom meeting details, so be sure to register!)

Topic: Compliance Management and the Software Supply Chain. Here is the slide deck.

Description: Following several recent supply chain attacks, including the Colonial Pipeline, Kaseya, and SolarWinds breaches, President Joe Biden issued an executive order to improve the nation's cybersecurity. As part of that initiative, the executive order requires vendors to US national agencies to provide a software bill of materials (SBOM). This executive order is intended to provide more transparency in the software supply chain and to help consumers, in this case national agencies, understand the risks the software poses to them. Prompted by the executive order, we've begun to research what the future may look like for software suppliers to both consumers and businesses. We see the market as a whole making a broad move towards real-time SBOMs: SBOMs delivered as part of the software delivery process and intended to let the consumers of that software understand what legal and security implications they may be exposed to. This is especially important when discussing embedded components, as they are often distributed directly to autonomous nodes or IoT devices that can be weaponized. As the SBOM process matures, we anticipate that organizations will begin to enforce security and legal risk in terms of contracts. Compliance failure will lead to damages for breach of contract, or may go as far as cancellation of the contract for numerous infractions. We feel it's an important topic to discuss and bring to light for any member not yet aware of the subject.

Speaker: John D. McDonald, FOUNDER & CEO, VP Product Management, Threatrix, Inc.

Speaker Bio: Impassioned engineer, open source advocate, free-time hacker, fitness junkie, and US Armed Forces Veteran. John brings more than 20 years of hands-on cybersecurity and leadership experience.

Do you have colleagues or friends who are interested in cyber security? Feel free to share the meeting details with them. You don't have to be a member of the ISSA to attend our meetings. But if you want to join the ISSA (and we hope you do, to help us continue to offer these meetings), visit the ISSA site and select "Sacramento Valley Chapter" when you join.

Friday, January 21, 2022 - 11:30am to 1:00pm