About Our Experts

Colin Whittaker

Founder & Director at Informed Risk Decisions Ltd
Colin is a leading payments security expert with extensive experience shaping global risk strategy. A former PCI SSC Board of Advisors member, he drove major security and compliance initiatives at APACS and Visa Europe. Now an independent consultant, he advises diverse organizations and frequently speaks and publishes on cybersecurity and information risk.

Janet Worthington

Senior Analyst at Forrester advising security and risk professionals
Janet is a Senior Analyst at Forrester who advises security and risk leaders on product security, secure development, and application security. With 25+ years in software development, security program management, and engineering leadership, she has helped global enterprises build scalable AppSec programs and strengthen collaboration across security, development, and product teams.

Paul Asadoorian

Principal Security Researcher at Eclypsium & founder of Security Weekly
Paul is Principal Security Evangelist at Eclypsium and founder of Security Weekly. With deep experience in penetration testing, vulnerability management, Python development, and security product evaluation, he brings hands-on expertise from roles supporting universities, enterprises, and security vendors. His work continues to influence modern vulnerability and firmware security practices.

Bob Shaker

Chief Product & Technology Officer at ActiveState
Bob has over 30 years' experience in cyber security and has held positions in security consulting, as Chief Information Security Officer for the world's largest institutional investment firm, Chief Technology Officer for Symantec SBP, VP of Product and Services for Malwarebytes and, most recently, VP of Product for Trellix. Working with these teams, Bob has delivered 11 new services, 3 products, 2 new divisions and 1 patent.

Alex Rybak

Director, Product Management at Anchore
Alex Rybak drives innovation in software supply chain security. With more than 19 years of experience in cybersecurity, he has shaped product vision and strategy for Software Composition Analysis (SCA) solutions and is a recognized thought leader in SBOMs, vulnerability management, and open source license compliance. His expertise lies at the intersection of open source governance, compliance, and security, helping organizations operationalize trust and transparency across their software supply chains.

CPE Webinar | Beyond the SBOM: Defending the Software Supply Chain Against Modern Attacks

Apr 9 / IT GRC Forum
Modern enterprises increasingly rely on sprawling software ecosystems that blend commercial tools, open‑source components, cloud services, and vendor‑managed infrastructure. While SBOMs have become an essential step toward improving transparency, they are no longer sufficient to keep pace with the speed and sophistication of today’s exploitation cycles. Adversaries now weaponize newly disclosed vulnerabilities within hours, automate reconnaissance across dependency chains, and target infrastructure layers that fall well outside the visibility of traditional software inventories. As a result, organizations must rethink how they approach software supply chain security and expand their focus beyond static component lists.

This session brings together experts who will examine how attackers exploit the gaps that exist between software, infrastructure, and vendor ecosystems, and what enterprises can do to close them. The discussion will explore how to operationalize SBOMs in a way that delivers real defensive value, how to strengthen pre‑deployment controls, and how to harden infrastructure dependencies that often go unmonitored. Speakers will also address methods for evaluating and mitigating vendor and open‑source risks before software is purchased or integrated, as well as strategies for collaborating effectively with vendors to remediate vulnerabilities and validate security claims. The session concludes with a look at continuous monitoring practices that provide real‑time visibility into emerging risks across the full software and infrastructure supply chain.
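The session description above treats an SBOM as a static list that only earns its keep when it is re-matched against fresh vulnerability data and reconciled with what is actually deployed. The Python below is an added example written for this page, not code from the webinar, its speakers or any vendor named here. The CycloneDX-style SBOM, the vulnerability feed, the package names, the runtime inventory and the EXAMPLE-* identifiers are all constructed placeholders; the version comparison assumes simple dotted numeric versions.

```python
"""Operationalizing an SBOM: match components against a vulnerability feed,
rank what is exploited, and report what the SBOM cannot see.
Added example; all data below is constructed for illustration."""
from datetime import datetime

# Constructed CycloneDX-style SBOM for a hypothetical application build.
SBOM = {
    "bomFormat": "CycloneDX",
    "metadata": {"timestamp": "2025-03-01T00:00:00Z"},  # when the SBOM was generated
    "components": [
        {"name": "libexample-http", "version": "2.4.1", "purl": "pkg:generic/libexample-http@2.4.1"},
        {"name": "acme-json", "version": "1.9.0", "purl": "pkg:pypi/acme-json@1.9.0"},
        {"name": "widget-ui", "version": "0.3.2", "purl": "pkg:npm/widget-ui@0.3.2"},
    ],
}

# Constructed vulnerability feed (placeholder IDs, not real advisories).
FEED = [
    {"id": "EXAMPLE-0001", "purl_prefix": "pkg:generic/libexample-http", "fixed_in": "2.4.2",
     "published": "2025-02-20T00:00:00Z", "exploited": True},
    {"id": "EXAMPLE-0002", "purl_prefix": "pkg:pypi/acme-json", "fixed_in": "1.8.0",
     "published": "2025-01-05T00:00:00Z", "exploited": False},
    {"id": "EXAMPLE-0003", "purl_prefix": "pkg:npm/widget-ui", "fixed_in": "0.4.0",
     "published": "2025-03-15T00:00:00Z", "exploited": True},  # disclosed after the SBOM
]

# Constructed inventory collected from the deployment host (application plus infrastructure).
RUNTIME_INVENTORY = [
    "pkg:generic/libexample-http@2.4.1",
    "pkg:pypi/acme-json@1.9.0",
    "pkg:npm/widget-ui@0.3.2",
    "pkg:generic/bmc-firmware@4.1",  # infrastructure layer, absent from the application SBOM
]


def _ts(s):
    """Parse an ISO-8601 UTC timestamp in the 'Z' form CycloneDX uses."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def parse_version(v):
    """Dotted numeric version -> comparable tuple (assumption: no pre-release tags)."""
    return tuple(int(p) for p in v.split("."))


def split_purl(purl):
    """'pkg:type/name@version' -> ('pkg:type/name', 'version')."""
    base, _, version = purl.rpartition("@")
    return base, version


def match_sbom(sbom, feed):
    """Return one finding per SBOM component whose version is below a feed entry's fix."""
    findings = []
    for comp in sbom["components"]:
        base, version = split_purl(comp["purl"])
        for vuln in feed:
            if vuln["purl_prefix"] == base and parse_version(version) < parse_version(vuln["fixed_in"]):
                findings.append({"id": vuln["id"], "purl": comp["purl"], "fixed_in": vuln["fixed_in"],
                                 "exploited": vuln["exploited"], "published": vuln["published"]})
    return findings


def prioritize(findings):
    """Known-exploited first, then newest disclosure first: the ones weaponized within hours."""
    return sorted(findings, key=lambda f: (f["exploited"], _ts(f["published"])), reverse=True)


def disclosed_after_sbom(findings, sbom):
    """IDs published after SBOM generation: a single scan at build time would have missed them."""
    generated = _ts(sbom["metadata"]["timestamp"])
    return [f["id"] for f in findings if _ts(f["published"]) > generated]


def coverage_gaps(sbom, runtime_inventory):
    """Deployed packages with no SBOM entry: the infrastructure layers the inventory does not see."""
    known = {c["purl"] for c in sbom["components"]}
    return [p for p in runtime_inventory if p not in known]


if __name__ == "__main__":
    findings = match_sbom(SBOM, FEED)
    for f in prioritize(findings):
        print(f"{f['id']}: {f['purl']} (fix {f['fixed_in']}, exploited={f['exploited']})")
    print("missed by a build-time scan:", disclosed_after_sbom(findings, SBOM))
    print("not covered by the SBOM:", coverage_gaps(SBOM, RUNTIME_INVENTORY))
```

Run as a script it lists the two affected components, shows that EXAMPLE-0003 would have been missed by a one-time scan at build time because it was disclosed after the SBOM was produced, and reports the firmware package that the application SBOM never enumerated. Re-running match_sbom on a schedule against an updated feed, and diffing the runtime inventory against the SBOM, is the practical shape of the continuous monitoring the session description refers to.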