To The Point - Cybersecurity

Joining us this week is Dr. David Bader, a Distinguished Professor and founder of the Department of Data Science in the Ying Wu College of Computing and Director of the Institute for Data Science at New Jersey Institute of Technology. He deep dives into the opportunity to democratize data science tools and the awesome free tool he and Mike Merrill spent the last several years building that can be found on the Bears-R-Us GitHub page open to the public. We also discuss the vulnerabilities in open-source supply chain, what about AI security teams should be concerned about, data poisoning, AI that is fair and equitable and the discussion on regulation and self-regulation in AI. Key takeaway from the conversation -- data science is indeed growing and it holds an exciting future for those that pursue it! David A. Bader is a Distinguished Professor and founder of the Department of Data Science in the Ying Wu College of Computing and Director of the Institute for Data Science at New Jersey Institute of Technology. Prior to this, he served as founding Professor and Chair of the School of Computational Science and Engineering, College of Computing, at Georgia Institute of Technology. He is a Fellow of the IEEE, ACM, AAAS, and SIAM; a recipient of the IEEE Sidney Fernbach Award; and the 2022 Innovation Hall of Fame inductee of the University of Maryland’s A. James School of Engineering. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e251

This week we’re joined by Julia Fallon, Executive Director of the State Educational Technology Directors Association (SETDA) and she shines a light on the appeal of school systems to cyber attackers. (HINT: it is access to PII to open credit cards, mortgages and more in the name of children that often is only detected many years later.) We also discuss the connection between schools and insurance companies, trends in how school systems are fortifying their security measures, the evolution of infosec to become a front office issue, and what schools can do to integrate cybersecurity into curriculums to both bolster security and lay a pathway for future cyber professionals. Julia Fallon is the Executive Director of the State Educational Technology Directors Association (SETDA), where she works with U.S. state and territorial digital learning leaders to empower the education community to leverage technology for learning, teaching, and school operations. Involved with learning technologies since 1989, her professional interest lies in making the case for public school systems wherein educators are able to optimize technology-rich learning environments to equitably engage the learners who fill their classrooms. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e250

Bill Evanina, Founder and CEO of the Evanina Group and former Director of the National Counterintelligence and Security Center Office of the Director of National Intelligence, joins the podcast this week to take a deep dive view into insider threat as September is Insider Threat Awareness Month. He shares insights from his many years on the counterintelligence and security front lines on what defines insider threat (Note: harm to self or others), the opportunities and challenges in available tools, information sharing and detection across organizations, the importance of leadership training and cross functional partnership to help mitigate insider threats and the criticality of sharing success stories (these really make a difference!). Founder and CEO of the Evanina Group advising CEOs and Board of Directors on strategic corporate risk, strategy, insider threats, cyber security, geopolitical risk, intelligence centers, etc. Instructor, University of Chicago, Graham School. Former Director of the National Counterintelligence and Security Center Office of the Director of National Intelligence responsible for leading and supporting the counterintelligence and security activities of the US Intelligence Community, the U.S. Government, and U.S. private sector entities at risk from intelligence collection or attack by foreign adversaries. Served as Chair of the NATO Counterintelligence Panel and the National Counterintelligence Policy Board, and the Allied Security and Counterintelligence Forum comprised of senior counterintelligence and security leaders from Australia, Canada, New Zealand, and the UK. Previously served as the Chief of the Central Intelligence Agency’s Counterespionage Group, as Assistant Special Agent in Charge of the FBI’s Washington Field Office and spent 24 years as a Special Agent with the Federal Bureau of Investigation (FBI). For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e249

We pick back up with Joshua Corman, founder of grass roots organization I Am the Cavalry, for part two of our discussion. Josh shares insights from his many years on the healthcare cyber front lines and provides both a captivating and sobering perspective on the state of healthcare security today. And while there have been many strides forward, we still have a long way to go. Audra and I learned so much during our discussion including themes such as cyber asbestos, the emerging care desert, dependency on undependable things, recalibrating the cost of connected medicine, if you can’t protect it/can’t connect it, the Omnibus Appropriations Act, and actionable insights on what we can do right now, as individuals and collectively, to make a difference. Joshua Corman is the founder of I Am the Cavalry, a grassroots organization focused on the intersection of digital security, public safety, and human life. He was formerly chief strategist of CISA’s COVID Task Force, where he advised on the pandemic response, provided cybersecurity expertise on healthcare infrastructure, and supported control systems and life safety initiatives. Prior to CISA, Josh was SVP and chief security officer at PTC, where he accelerated cyber safety maturity across industries. Previously, he served as director of the Atlantic Council’s Cyber Statecraft Initiative, on the Congressional Task Force for Healthcare Industry Cybersecurity, and in leadership roles at Sonatype, Akamai, IBM, and the 451 Group. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e248

We had so much to talk about with this week’s guest that we made it a two-part episode! Joining us this week, and next week, is Joshua Corman, founder of grass roots organization I Am the Cavalry. Josh shares insights from his many years on the healthcare cyber front lines and provides both a captivating and sobering perspective on the state of healthcare security today. And while there have been many strides forward, we still have a long way to go. Audra and I learned so much during our discussion including themes such as cyber asbestos, the emerging care desert, dependency on undependable things, recalibrating the cost of connected medicine, if you can’t protect it/can’t connect it, the Omnibus Appropriations Act, and actionable insights on what we can do right now, as individuals and collectively, to make a difference. Joshua Corman is the founder of I Am the Cavalry, a grassroots organization focused on the intersection of digital security, public safety, and human life. He was formerly chief strategist of CISA’s COVID Task Force, where he advised on the pandemic response, provided cybersecurity expertise on healthcare infrastructure, and supported control systems and life safety initiatives. Prior to CISA, Josh was SVP and chief security officer at PTC, where he accelerated cyber safety maturity across industries. Previously, he served as director of the Atlantic Council’s Cyber Statecraft Initiative, on the Congressional Task Force for Healthcare Industry Cybersecurity, and in leadership roles at Sonatype, Akamai, IBM, and the 451 Group. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e247

We’re excited to welcome back to the podcast Sudhakar Ramakrishna, CEO at SolarWinds. When we first caught up with Sudhakar it was several months into his tenure at the company managing through the Sunburst attack. We were so impressed with how he was helping navigate the company through this time we wanted to check in with him more than a year later for an update on how things are going. He shares insights on the company’s Secure by Design initiative, radical transparency, the power of public/private partnerships and an information sharing collaborative, CISA and creating a community of research, the opportunity for a national cyber guard, protection for whistleblowers, and the criticality of doing basic things right consistently. You won’t want to miss this exciting episode! Sudhakar Ramakrishna, President and CEO, SolarWinds Sudhakar Ramakrishna joined SolarWinds as President and Chief Executive Officer in January 2021. He is a global technology leader with nearly 25 years of experience across cloud, mobility, networking, security and collaboration markets. He most recently served as the CEO of Pulse Secure®, a leading provider of secure and zero trust access solutions for Hybrid IT environments, where he was responsible for all aspects of business strategy and execution. Prior to Pulse Secure, Mr. Ramakrishna served as the Senior Vice President and General Manager for the Enterprise and Service Provider Division at Citrix®, where he had responsibility for Citrix’s portfolio of virtualization, cloud networking, mobile platforms and cloud services solutions. Mr. Ramakrishna also has held senior leadership roles at Polycom, Motorola and 3Com. Mr. Ramakrishna is an experienced public and private company board member. Mr. Ramakrishna is a partner at Benhamou Global Ventures, a leading venture capital firm investing in emerging startups in the fields of security, analytics and applications. Mr. Ramakrishna earned a master’s degree in computer science from Kansas State University and a master’s of management degree from Northwestern University’s Kellogg School of Management. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e246

This week on the podcast, we’re joined by Mark Montgomery, senior director of the FDD’s Center on Cyber and Technology Innovation and director of the CSC 2.0. Mark shares about the different physical and cyber threats faced by satellites and space networks. He also shares considerations for classifying satellites as critical infrastructure and what the legislation required to do so might look like. Mark Montgomery serves as senior director of the Center on Cyber and Technology Innovation, where he leads FDD’s efforts to advance U.S. prosperity and security through technology innovation while countering cyber threats that seek to diminish them. Mark also directs CSC 2.0, an initiative that works to implement the recommendations of the congressionally mandated Cyberspace Solarium Commission, where he served as executive director. Previously, Mark served as policy director for the Senate Armed Services Committee under the leadership of Senator John S. McCain, coordinating policy efforts on national security strategy, capabilities and requirements, and cyber policy. Mark served for 32 years in the U.S. Navy as a nuclear-trained surface warfare officer, retiring as a rear admiral in 2017. He was assigned to the National Security Council from 1998 to 2000, serving as director for transnational threats. Mark has graduate degrees from the University of Pennsylvania and the University of Oxford and completed the U.S. Navy’s nuclear power training program. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e245

After nearly 300 episodes we have had some of the most spectacular guests on the podcast! Every once in a while we like to bring back one of our favorite episodes from the archives because we really enjoyed the conversation and think our new listeners will as well. This week we chat on the complexities and opportunities smart cities can deliver in the US and around the globe with guest Chris Teale, reporter at Smart Cities Dive. He’s spent years meeting with government and community leaders on the growth of smart cities and shares thoughts on just how fluid defining what a smart city is today. Learn which cities around the world are leading in the smart city evolution and how a patchwork of state-by-state laws and regulatory frameworks help and/or hinder progress. As well as examples of US cities you may not have expected that can share best practices and lessons learned with cities large and small across the country to help get them on the path to better utilizing technology and digitization to improve essential services (such as trash pick-up) and quality of life. He also shares insights of the ‘hackers as city consultant’ trend and how a federal government playbook for cities could help more cities get smarter, faster. Chris Teale, Reporter, Smart Cities Dive Chris is a reporter at Smart Cities Dive. He came to Industry Dive in February 2018 after spells in general assignment reporting in Alexandria and Arlington, Virginia. Chris graduated from the University of East Anglia in 2013, and moved to the Washington, D.C. area shortly after. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e244

This week we welcome to the podcast Chad McDonald, Chief of Staff and CISO at Radiant Logic. He talks about the very interesting and real reality of what is becoming known as the cyber poverty line and the security vulnerabilities that funding and resource inequities can create in a supply chain and elsewhere. He also shares insights for organizations to assess where they fall on the spectrum and resources available to identify and address security gaps relative to their business. We also dive into the popular topic of Zero Trust – and ponder the philosophical questions if everything is Zero Trust is anything Zero Trust. Other topics we cover in this fun conversation include AI, deepfakes, identity and security, and what sprinkling budget dust around can get you. Chad McDonald, Chief of Staff and CISO, Radiant Logic Chad brings more than 20 years’ experience building and managing information security programs. Chad has leveraged his security leadership to dozens of organizations across the technology, education and medical sectors. Prior to Radiant Logic, Chad defined security and technical integrations of 5 acquisitions and attained FedRAMP-in-Process status for Digital.ai. While serving as the Executive Director of the Office of the CISO at Optiv, he defined the security strategy for a $70 billion dollar merger between two technology giants. Chad holds a bachelor’s degree in information technology from Southern Polytechnic State University, as well as multiple certifications including CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor) and PMP (Project Management Professional). For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e243

This week we are so excited to have Nic Chaillan, founder and CEO of http://AskSage.ai join the podcast for a discussion on the explosion AI and the many implications that come with that for government and businesses. He shares insights on AI regulation – both what’s underway and considerations that should be undertaken when shaping how AI is regulated – it is no quick and easy fix! And then there is the flip side of regulation – does it stifle innovation – particularly when AI is in its infancy and the power it can deliver has yet to be fully discovered. We also dive into the ChatGPT topic on everyone’s mind and how to utilize this productivity enhancing tool within organizations without intellectual property entering the chat and walking out the door. And so much more…! Nicolas Chaillan is a technology entrepreneur, software developer, cybersecurity expert, and inventor. He was the first U.S. Air Force chief software officer (CSO) and is the founder of Ask Sage, Learn with Nic, and In the Nic of Time. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e242

We absolutely love when we have return guests on the podcast. And we are so excited to have Matt Bianco, President of FedWay Consulting joining us again to talk about one of our favorite topics – electric vehicles (EV). Or, more specifically, the move to electric vehicles across the federal government. The Biden Administration has set a goal of a 100% electrified fleet by 2027. Matt shares insights on progress being made to date and what the next few years look like to achieve the goal. We also discuss some of the inherent challenges with anything connected to the internet such as cyber threats to EV charging stations and securing federal EV infrastructure. And we talk about what a future of EVs means for places such as gas stations and why we’re not quite there yet on solar powered cars. Matt Bianco, President at Fedway Consulting Matt is a thought leader within the US Federal Government ecosystem related to Electric Vehicle (EV) Charging integration which includes strong knowledge of POV/GOV programs (workplace/fleet), hardware/software solutions, infrastructure, policy, etc. With partnerships across the industry including ChargePoint, Apollo Sunguard (SDVOSB), Beam Global, Freewire, etc, Matt has the ability to assist in formulating a plan that will cover every aspect of executing a flawless and easy Federal EV charging program. Other focuses include CyberSecurity initiatives and software solutions. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e241

Joining us this week is Brian Knappenberger, a producer and director renowned for such documentaries as Web of Make Believe: Death, Lies and the Internet, The Internet's Own Boy: The Story of Aaron Swartz, We Are Legion: The Story of the Hacktivists, and Turning Point: 9/11, to name a few. He shares insights from his recent documentary series Web of Make Believe (currently available on Netflix!) and the trajectory of misinformation, which has been around for centuries, through a lens from the 2016 election forward. We explore themes around technology innovation and how society adapts in both positive and negative ways – and how it presents opportunities for cyber attackers to exploit cracks in the system for financial gain. And we discuss impact of today’s always on/always connected world where as Marshall McLuhan once observed has become “quite as imperceptible to us as water is to fish.” Brian Knappenberger, Producer and Director Brian Knappenberger is an American documentary filmmaker, known for The Internet's Own Boy: The Story of Aaron Swartz, We Are Legion: The Story of the Hacktivists, and Turning Point: 9/11 and the War on Terror and his work on Bloomberg Game Changers. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e240

Joining the podcast this week is Dmitry Bestuzhev, senior director of cyber threat intelligence (CTI) at Blackberry. He gives Petko an inside look into the key types of CTI and how the insights can be used to build context and determine response in specific circumstances, such as in the recent case of attempted targets at NATO. Dmitry also turns our attention to the risks posed by public charging stations - a ploy dubbed “Juice Jacking.” Dmitry Bestuzhev, Senior Director CTI at BlackBerry Dmitry Bestuzhev is Senior Director, CTI (Cyber Threat Intelligence) at BlackBerry. Prior to BlackBerry, Dmitry was Head of Kaspersky's Global Research and Analysis Team for Latin America, where he oversaw the company's experts' anti-malware development work in the region. Dmitry has more than 20 years of experience in IT security across a wide variety of roles. His field of expertise covers everything from traditional online fraud to targeted high-profile attacks on financial and governmental institutions. His main focus in research is on producing Threat Intelligence reports on financially motivated targeted attacks. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e239

Joining the podcast this week is Dmitry Bestuzhev, senior director of cyber threat intelligence (CTI) at Blackberry. He gives Petko an inside look into the key types of CTI and how the insights can be used to build context and determine response in specific circumstances, such as in the recent case of attempted targets at NATO. Dmitry also turns our attention to the risks posed by public charging stations - a ploy dubbed “Juice Jacking.” Dmitry Bestuzhev, Senior Director CTI at BlackBerry Dmitry Bestuzhev is Senior Director, CTI (Cyber Threat Intelligence) at BlackBerry. Prior to BlackBerry, Dmitry was Head of Kaspersky's Global Research and Analysis Team for Latin America, where he oversaw the company's experts' anti-malware development work in the region. Dmitry has more than 20 years of experience in IT security across a wide variety of roles. His field of expertise covers everything from traditional online fraud to targeted high-profile attacks on financial and governmental institutions. His main focus in research is on producing Threat Intelligence reports on financially motivated targeted attacks. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e238

Juhani Hintikka, President and CEO of WithSecure joins the podcast this week to discuss Finland’s status as the newest member of NATO as of April 4, 2023. As many know this is a significant geopolitical move in the region, particularly when we remember Finland shares an 832-mile border with Russia, the longest of any European Union member. He provides perspective on speculation that such a move could increase the country’s cyber risks and shares insights on Finland’s key role in digital defense as well as the importance of outcome-based security. For anyone that has been tracking geopolitical activity related to Ukraine, Russia and possible implications as a Kremlin-perceived “non-aligned country” you won’t want to miss this very insightful podcast. Link to NATO article on Finland membership: https://www.nato.int/cps/en/natohq/news_213448.htm#:~:text=Finland%20became%20NATO's%20newest%20member,at%20NATO%20Headquarters%20in%20Brussels . Juhani Hintikka: CEO of WithSecure Presently, Juhani Hintikka is President & Chief Executive Officer for WithSecure Corp. and President & Chief Executive Officer for F-Secure Cyber Security Services Oy (a subsidiary of WithSecure Corp.). He is also on the board of 5 other companies, including European Cyber Security Organisation (ECSO), Finnish Information Security Cluster (FISC), and Nordea. In his past career, Mr. Hintikka occupied the position of Chairman at Ficolo Oy, President & Chief Executive Officer for Comptel Oyj and Head-Operations Support Solutions Business at Nokia Siemens Networks Oy. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e237

Joining the podcast this week is Ilona Cohen, the Chief Legal Officer, Chief Policy Officer, and Corporate Secretary at HackerOne. We dive into hot topics including the National Cyber Strategy, how government organizations can manage priorities, what lessons can be learned from the past and the “voluntary” reporting and compliance approach, along with breaking down the myriad funding pathways and allocations to truly make the National Cyber Strategy a reality. She also shares perspective on the importance of ethical hacking and the formation of the Hacking Policy Council along with thoughts for government agencies in addressing the cybersecurity talent gap, and where hackers fit into that equation. Ilona Cohen: Chief Legal Officer, Chief Policy Officer, and Corporate Secretary at HackerOne Ilona Cohen is currently the Chief Legal Officer, Chief Policy Officer, and Corporate Secretary at HackerOne. Cohen was formerly a senior lawyer to President Obama and served as General Counsel of the White House Office of Management and Budget (OMB). Prior to joining HackerOne, she was the Chief Legal and Compliance Officer of Aledade, another venture-backed tech company, where she successfully built and scaled the company’s legal and compliance teams. Cohen is already highly experienced with cybersecurity and ethical hacking solutions. Ilona was part of a core group in the White House responsible for development of President Obama’s long-term strategy to enhance cybersecurity awareness and protection in the public and private sectors. These efforts led to the decision to launch the first U.S. government bug bounty program, Hack The Pentagon, run by HackerOne. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e236

Back from the archives! We loved our discussion with Dr. Andrew Hammond, Historian and Curator of the International Spy Museum so much that we brought it back for your enjoyment this week! Hammond takes us through the classic period of espionage and the reliance on physical data and spycraft techniques to transport through to the modern day battlefield of cyber intelligence and espionage. And he provides insights on the historical throughlines of attacks that haven’t really changed over the centuries, by and large what is being sought is the same it is simply the mechanism by which exploits are executed have evolved. He also lends perspective on the cyber threat landscape ahead, and asks is this the dreadnought moment? Dr. Andrew Hammond, Historian & Curator at the International Spy Museum Dr. Andrew Hammond is Historian & Curator at the International Spy Museum. His interest in intelligence came from a period of service in the Royal Air Force, with secondments to the British Army and the Royal Navy. He specializes in military and intelligence history and is fascinated by how the artifacts at the Museum – whether an Enigma Machine, a Stinger Missile or the Jester’s Laptop – help tell personal stories and larger historical narratives. He is the author of a forthcoming book entitled, Struggles for Freedom: Afghanistan and US Foreign Policy Since 1979 and is working on another book that tells the story of 9/11 and the post-9/11 wars through the voices of military and intelligence veterans. He has taught at a number of institutions on both sides of the Atlantic and has held fellowships at the British Library, the Library of Congress, New York University and the University of Warwick. He was formerly a Mellon Public Humanities Fellow at the 9/11 Memorial Museum and is currently a Public Policy Fellow at the Wilson Center. He hosts SpyCast, the Museum’s podcast, and has taken acting and public speaking courses in London, New York, Birmingham and Washington, DC. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e235

For this week’s episode of the podcast, we’re joined by Patrick Vandenberg, director of product marketing at Invicti Security. Patrick helps us unpack the reasons behind why 70% of security incidents start from web applications and talks us through the importance of application security and dynamic application security testing (DAST). Patrick also touches on where the future of application security testing may be heading and how scanning varies across industries. Patrick Vandenberg, Director of Product Marketing at Invicti A seasoned cybersecurity leader, Patrick Vandenberg is the Director of Product Marketing at Invicti Security. He works closely with security and DevSecOps stakeholders to understand today’s cybersecurity pain points so we can continue to help our customers solve their application security challenges. As an alumnus of several cybersecurity companies, including Hunters, Snyk, and IBM Security, Patrick brings over 20 years of experience in cybersecurity across product marketing and product management roles. Patrick holds a degree in Systems & Computer Engineering from Carleton University and, in his free time, continues a longtime passion for coaching and playing hockey. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e234

Joining us this week is Javvad Malik, Security Awareness Advocate at KnowBe4. We cover an array of themes including the need to “protect the seams”, understanding where risks are moving, how small interventions can deliver quick security wins, understanding people in the security equation and the importance of cybersecurity training, the AI debate, smishing attacks, and more! Javvad Malik is a Security Awareness Advocate at KnowBe4, a blogger event speaker and industry commentator who is possibly best known as one of the industry’s most prolific video bloggers with his signature fresh and light-hearted perspective on security that speak to both technical and non-technical audiences alike. Prior to joining KnowBe4, Javvad was security advocate at AlienVault. Before then, he was a Senior Analyst at 451’s Enterprise Security Practice (ESP), providing in-depth, timely perspective on the state of enterprise security and emerging trends in addition to competitive research, new product and go-to-market positioning, investment due diligence and M&A strategy to technology vendors, private equity firms, venture capitalists and end users. Prior to joining 451 Research, he was an independent security consultant, with a career spanning 12+ years working for some of the largest companies across the financial and energy sectors. As well as being an author and co-author on several books, Javvad was one of the co-founders of the Security B-Sides London conference. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e233

Joining the podcast this week is Katie Arrington is the founder of LD Innovations, LLC Cybersecurity and the former Chief Information Security Officer for Acquisition and Sustainment (CISO(A&S)) to the Under Secretary of Defense for Acquisition and Sustainment (USD(A&S)). We cover many interesting themes in our lively discussion including Cybersecurity Maturity Model Certification (CMMC), the impact of a cyber mentality and culture, the National Cybersecurity Strategy, the CHIPS Act, risk reduction strategies, the future of cybersecurity, China’s 100-year plan, Huawei, MITRE, Paperwork Reduction Act, and so much more. And for movie fans, there are more than a dozen movie references you’ll want to hear. Plus many book recommendations as well - some you might be surprised to learn! Follow-up reading from today's podcast: https://www.mitre.org/sites/default/files/2021-11/prs-18-2417-deliver-uncompromised-MITRE-study-26AUG2019.pdf https://www.mitre.org/news-insights/publication/deliver-uncompromised-strategy-supply-chain-security-and-resilience For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e232