Product Security Teams: How the Heck Do You Run Them? - with Josh Corman

On this week's episode of IoT: The Internet of Threats podcast, host Eric Greenwald discusses recent news in product and supply-chain cybersecurity with Nick and Sam, the Vidovich brothers. He interviews Joshua Corman, former Chief Strategist of the CISA COVID Task Force and Founder of I am The Cavalry.

News Roundup:

This week's Weekly News Roundup covers:

  • Assessing the difference between Spring4Shell and Log4j vulnerabilities

  • New draft, bipartisan legislation that would require SBOMs for medical devices


Interview with Josh Corman:

Josh has worked in security for many years. His background includes a lot of in-depth work in cyber and physical security for medical devices.

Josh is also widely known as the godfather of the Software Bill of Materials (SBOM).

All of this experience led to his recent work with the government as the Chief Strategist for the CISA COVID Task Force.

On the episode, Josh and Eric discuss the key functions of a product security team and the critical leadership role of the Chief Product Security Officer.

Josh and Eric also discuss:

  • How a world increasingly dependent on digital infrastructure can be protected

  • Trends and forces that have made product security roles increasingly important

  • General principles for prioritizing and accurately interpreting the severity of threat reports

  • Guidance for teams that lack sufficient resources

  • How to buy down more risk with fewer resources


Connect with Josh Corman: https://www.linkedin.com/in/joshcorman/

Learn more about I am The Cavalry at https://iamthecavalry.org/

Read up on the Health Care Industry Cybersecurity Task Force here: https://www.phe.gov/Preparedness/planning/CyberTF/Pages/default.aspx


Thank you for listening to this episode of IoT: The Internet of Threats podcast, powered by Finite State — the leading product security solution provider for connected devices and embedded systems.

If you enjoyed this episode, click subscribe to stay connected and leave a review to get the word out about the podcast.

To learn more about building out a robust product security program, protecting your connected devices, and complying with emerging supply-chain cybersecurity regulations and technical standards, visit https://finitestate.io/.
