Description

The software supply chain has quietly become one of the most critical — and least controlled — risk areas in cybersecurity. But according to industry veteran Theresa Lanowitz, that’s starting to change, driven by a surprising source: the CEO. In this episode of CYBR.HAK.CAST, she and hosts Michael Farnum and Phillip Wylie trace the evolution of today’s software risk landscape back to decades-old challenges in application security, where development and security teams often operated in silos. While tooling has improved and DevSecOps has gained traction, many of the same underlying problems persist, only now they’re amplified by AI and global software dependencies.

SHOW NOTES:

Things Mentioned:

• Upcoming CYBR.SEC.Community events: https://www.cybrsecmedia.com/conference/
• CYBR.SEC.Careers: https://www.linkedin.com/company/cybr-sec-careers/about/ fundraisers:
  • Cards for a Cause: https://www.linkedin.com/posts/cybr-sec-careers_cybrseccareers-nonprofit-cybersecurity-activity-7436794892787359744-v4Cz
  • CYBR CLAY SHOOT: https://www.linkedin.com/posts/cybr-sec-careers_cybrclayshoot-cybersecurity-cybercareers-activity-7435353518951084033-1iw9
  • Proceeds support CYBR.SEC.Careers mission is to build a strong, diverse workforce by providing career exposure, access to education and certifications, and mentorship for students and veterans pursuing careers in cybersecurity.

Episode 11 Timestamps

• 03:30 – 08:00 – Theresa Lanowitz’s background: early IoT, Sun Microsystems, Gartner, AT&T
• 08:00 – 15:00 – Application security history and the developer vs. security disconnect
• 15:00 – 20:00 – Evolution from SQL injection to AI-era prompt injection risks
• 20:00 – 30:00 – Software supply chain risks, third-party dependencies, and open source challenges
• 30:00 – 36:00 – AI’s role in expanding the attack surface and introducing new vulnerabilities
• 36:00 – 42:00 – CEO awareness and why supply chain risk is now a board-level issue
• 42:00 – 48:00 – Real-world anecdote: “checkbox security” and vendor trust pitfalls
• 48:00 – 55:00 – Hardware supply chain risks, chips, and critical infrastructure exposure
• 55:00 – End – AI, OWASP guidance, and the path forward for securing the supply chain

Do you have a question for the hosts? Reach out to us at media@cscgroupllc.com 

Keep up with CYBR.SEC.CON.:

• LinkedIn
• X
• Facebook
• Instagram

Keep up with CYBR.SEC.Media:

• LinkedIn
• X<