Our increasingly digital society relies on software, and the recent rise in software supply chain attacks, together with ongoing software vulnerabilities, has forced software security to the forefront of public attention. As software grows ever more complex and interconnected, it becomes more difficult to ensure that it is free of vulnerabilities and hardened against attacks. One approach to addressing this challenge is the use of a Software Bill of Materials (SBOM), a comprehensive list of the components that make up a piece of software.
We will explain what SBOM is, how it works, and why it is essential for identifying and managing vulnerabilities. We will also examine the benefits of using SBOM, including improved transparency and accountability, better risk management, and enhanced cybersecurity posture.
We will then cover ongoing initiatives by governments, industry associations, and software vendors to promote the use of SBOM. Finally, we will review the current state of SBOM adoption and provide recommendations for organizations to implement SBOM in their software development and procurement processes.
Learning Outcomes:
Attendees will gain a clear understanding of the importance of SBOM for software security and will be able to assess the feasibility of implementing SBOM in their organization.

Cybersecurity Champion | Adjunct Instructor | Author | Speaker | CISSP, CISA, CISM, CCSP, CSSLP, Security+, Network+, PMP, PMI-ACP, PMI-PBA, ITIL | Mayor

Dave Hatter, PMP

Dave Hatter is an accomplished, enthusiastic, award-winning technology professional and servant leader with more than 30 years of software development, cybersecurity, and project management experience. He has earned numerous industry certifications including CISSP, CISA, CISM, CCSP, CSSLP, Security+, Network+, MS Azure Fundamentals, PMP, PMI-ACP, PMI-PBA, PSM 1, PSD 1, and ITIL Foundation V3 and holds a BS in Information Systems from NKU. He has written or contributed to 12 technology books, written more than 100 technology-related articles, and has been quoted in publications including The Wall Street Journal, Money, MSNBC, Salon, Reader’s Digest, MSN, Business Insider, The Street, Yahoo!Money, The Ladders, Dice.com, InfoWorld, ComputerWorld, CIO, CSO, CIO Update, Search CIO, Digital Trends, Tech Beacon, CyberNews, Lifewire and GearBrain.

Dave is a frequent speaker and has delivered dozens of seminars for organizations including (ISC)2, ISACA, itSMF, Cincinnati USA Regional Chamber of Commerce, Greater Cincinnati Better Business Bureau, Northern Kentucky Chamber of Commerce, Cincinnati AMA, Northern Cincinnati Chamber of Commerce, PMI Southwest Ohio, PMI Dayton/Miami Valley, PMI Central Ohio, and The Goering Center.

He has been an adjunct instructor at Cincinnati State Technical and Community College for nearly 20 years, educating over 1,000 students in a variety of software engineering and IT courses. He has also taught at the University of Cincinnati and Gateway Community and Technical College and is the author of the Infosec Institute NIST 800-171 Skills Learning Path.