didismusings.com

# Understanding SBOMs: Insights from Jim Hyman of Ordr

Chapter 1: Introduction to SBOMs

As cyber threats against businesses continue to escalate, organizations are seeking effective tools to bolster their security measures. One such tool is the Software Bill of Materials (SBOM). This article delves into how SBOMs can enhance product security, their limitations, and the strategies businesses can adopt for effective implementation. In this interview series, we engage with industry leaders and cybersecurity experts, including Jim Hyman, CEO of Ordr, to explore the significance of SBOMs.

Jim Hyman boasts over three decades of experience in managing high-performing teams in enterprise software and SaaS, with a strong focus on cybersecurity. Before leading Ordr, he served as the COO of Synack, a pioneer in crowdsourced security testing.

Section 1.1: Jim Hyman's Journey into Cybersecurity

Thank you for participating in this interview series, Jim! To kick things off, could you share your background and what motivated you to pursue a career in cybersecurity?

"My initial interest in cybersecurity stemmed from my passion for securing information. Today’s cybercriminals are sophisticated and well-funded, unlike the stereotypical hacker. The rapid evolution of technology to combat these threats captivated me. From my tenure in email security at IronPort to web security at Zscaler, and now at Ordr focusing on connected device security, I've been fortunate to develop tools that enhance enterprise safety."

Section 1.2: Key Traits for Success

What character traits have been pivotal to your success? Could you illustrate each with an example?

"It’s intriguing to reflect on my career through the lens of character traits. Three key themes emerge: maintaining optimism, surrounding myself with talented individuals, and fostering transparency. For instance, I once lost a significant RFP for a Fortune 100 bank, but my optimism remained intact. Just weeks later, we were contacted by someone from the review team who informed us that another division needed our services, leading to a fruitful partnership.

Working alongside brilliant individuals has been another highlight of my career. Regardless of their title, everyone contributes to the collective success.

Transparency is crucial too. People are drawn to organizations that demonstrate honesty and clarity. It’s rare for someone to leave because of a single incident; more often, it's about how situations are managed."

Chapter 2: The Evolution of Cybersecurity

Section 2.2: Ordr’s Mission

Are there any exciting projects you're currently working on that could benefit people?

"At Ordr, our goal is to enhance the safety of the connected world. We aim to secure the vast number of connected devices that organizations deploy, including IoT, IoMT, and operational technologies. Our efforts ensure that healthcare facilities can provide quality care, while also safeguarding critical infrastructure and manufacturing operations."

Chapter 3: Understanding SBOMs

Section 3.1: Definition and Purpose of SBOMs

What qualifies you as an authority on SBOMs?

"My two decades of experience in enterprise software and cybersecurity uniquely position me to discuss SBOMs. At Synack, we pinpointed vulnerabilities in devices and applications, revealing that even seemingly insignificant devices can harbor serious flaws. An understanding of all components is vital for effective protection."

Section 3.2: What is an SBOM?

Can you explain what an SBOM is and its primary function?

"An SBOM details the software applications running on a device, including their specific types, versions, and subcomponents. This enables organizations to verify against known vulnerabilities."

Section 3.3: Enhancing Security with SBOMs

How do SBOMs enhance our security?

"SBOMs help security teams identify which devices may be vulnerable. When acquiring a new device, the security team can use the SBOM to compile an inventory of the software, allowing them to react promptly to vulnerability disclosures."

Section 3.4: Limitations of SBOMs

What limitations exist with SBOMs?

"SBOMs are inherently static, representing a snapshot of software at a given moment. Without a connected device security solution, they must be manually monitored. It's crucial that manufacturers provide timely updates to their SBOMs, as many organizations operate with numerous connected devices."

Chapter 4: Implementing SBOMs Effectively

Section 4.1: Who Needs SBOMs?

Which organizations should prioritize SBOMs?

"Any organization utilizing software applications or devices needs an SBOM. Although the concept has been around in IT and manufacturing, the healthcare sector is gradually catching up under governmental pressure."

Section 4.2: Common Misconceptions

What misconceptions about SBOMs have you encountered?

"Many believe SBOMs will quickly resolve cybersecurity risks and that legislation will compel manufacturers to release them. The truth is, a global standard for sharing this information must first be established, and legislation will only apply to new devices."

Section 4.3: Best Practices for SBOM Implementation

Could you share five best practices for organizations looking to effectively implement SBOMs?

  1. Automate the tracking process using connected device security technology to ingest SBOMs seamlessly.
  2. Ensure SBOMs are stored in a searchable and indexable format.
  3. Hold manufacturers accountable; do not proceed with purchases without SBOM information.
  4. Keep SBOM details current, especially when software changes occur on devices.
  5. Encourage manufacturers who provide SBOMs by choosing to purchase their products.
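The ingestion and matching workflow implied by Sections 3.2 and 3.3 and by practices 1, 2 and 4 above, as an added example that is not part of the original interview and not Ordr's code: it parses a constructed CycloneDX-style SBOM, flattens nested subcomponents into a searchable index keyed by component name, matches the inventory against a constructed list of hypothetical advisories (affected range `[introduced, fixed)`), and reports how stale the SBOM snapshot is. The device, component versions, advisory identifiers and version-range semantics are all assumptions for illustration, not real products or CVEs.

```python
"""Ingest a CycloneDX-style SBOM, index it, and match it against advisories.

Added example: the SBOM and the advisories below are constructed for
illustration and describe no real device or vulnerability.
"""
import json
import re
from datetime import date

# Constructed SBOM in the CycloneDX 1.5 JSON shape (hypothetical device).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {
        "timestamp": "2024-01-15T00:00:00Z",
        "component": {"type": "device", "name": "example-pump-fw", "version": "3.2.0"},
    },
    "components": [
        {"type": "library", "name": "openssl", "version": "1.1.1k",
         "purl": "pkg:generic/openssl@1.1.1k"},
        {"type": "library", "name": "zlib", "version": "1.2.13",
         "purl": "pkg:generic/zlib@1.2.13"},
        {"type": "operating-system", "name": "busybox", "version": "1.35.0",
         "purl": "pkg:generic/busybox@1.35.0",
         # Nested subcomponent: an SBOM consumer must walk these too.
         "components": [
             {"type": "library", "name": "libcurl", "version": "7.79.0",
              "purl": "pkg:generic/libcurl@7.79.0"},
         ]},
    ],
})

# Constructed advisories with hypothetical IDs; affected range is [introduced, fixed).
ADVISORIES = [
    {"id": "ADV-0001", "name": "openssl", "introduced": "1.1.1", "fixed": "1.1.1l"},
    {"id": "ADV-0002", "name": "libcurl", "introduced": "7.0.0", "fixed": "7.80.0"},
    {"id": "ADV-0003", "name": "zlib", "introduced": "1.2.0", "fixed": "1.2.12"},
]


def parse_sbom(text):
    """Parse SBOM JSON and reject anything that is not CycloneDX."""
    sbom = json.loads(text)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("unsupported SBOM format")
    return sbom


def flatten_components(components):
    """Yield every component, descending into nested 'components' lists."""
    for comp in components:
        yield comp
        yield from flatten_components(comp.get("components", []))


def build_index(sbom):
    """Searchable index: lowercase component name -> list of components."""
    index = {}
    for comp in flatten_components(sbom.get("components", [])):
        index.setdefault(comp["name"].lower(), []).append(comp)
    return index


def version_key(version):
    """Comparable key handling both numeric and letter segments (e.g. 1.1.1k)."""
    parts = re.findall(r"\d+|[A-Za-z]+", version)
    return tuple((0, int(p)) if p.isdigit() else (1, p.lower()) for p in parts)


def is_affected(version, introduced, fixed):
    """True when introduced <= version < fixed under version_key ordering."""
    return version_key(introduced) <= version_key(version) < version_key(fixed)


def match_advisories(index, advisories):
    """Return one hit per (advisory, component) whose version is in range."""
    hits = []
    for adv in advisories:
        for comp in index.get(adv["name"].lower(), []):
            if is_affected(comp["version"], adv["introduced"], adv["fixed"]):
                hits.append({"id": adv["id"], "name": comp["name"],
                             "version": comp["version"], "purl": comp.get("purl")})
    return hits


def sbom_age_days(sbom, today):
    """Days since the SBOM snapshot was produced (SBOMs are static snapshots)."""
    stamp = date.fromisoformat(sbom["metadata"]["timestamp"][:10])
    return (today - stamp).days


if __name__ == "__main__":
    sbom = parse_sbom(SAMPLE_SBOM)
    for hit in match_advisories(build_index(sbom), ADVISORIES):
        print(f"{hit['id']}: {hit['name']} {hit['version']} ({hit['purl']})")
    print(f"SBOM snapshot is {sbom_age_days(sbom, date.today())} days old")
```

The staleness figure is the practical counterpart of the "static snapshot" limitation: a consumer should refuse to trust an inventory past some age, or re-request the SBOM whenever the device's firmware version changes.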

Section 4.4: Follow Jim Hyman’s Work

How can readers stay updated on your work?

This interview provided valuable insights into SBOMs and their role in enhancing cybersecurity. Thank you for sharing your expertise, Jim!
