Joshua Corman is executive in residence for public safety & resilience at The Institute for Security and Technology (IST), a non-profit think tank based in the San Francisco Bay Area. He is also co-leader of a Cybersecurity and Infrastructure Security Agency (CISA) community working group for SBOM on-ramps & adoption. Previously, he was vice president of cybersecurity strategy for Claroty, an IoT security company; chief strategist on the CISA COVID task force; director of the Atlantic Council's Cyber Statecraft Initiative; and CTO at security software vendor Sonatype.

In August, Corman delivered a presentation at CISA's SBOM-a-Rama event warning that time is running out to more effectively protect critical infrastructure systems such as the water and power supply that rely on potentially vulnerable software to operate. Corman emphasized the urgent need to more effectively identify vulnerabilities and defend against attacks such as China's Volt Typhoon nation-state threat group. An initiative Corman is leading at IST under the working title UnDisruptable27 now looks to address these threats.

"We live in glass houses," he said in this episode's interview. "And people are about to start throwing rocks."

Chris Steffen is vice president of research for information security at analyst firm Enterprise Management Associates. He previously held a variety of IT leadership roles at companies including Hewlett Packard Enterprise, and DXC Technology. He is a regular speaker at industry conferences, the host of the Cybersecurity Awesomeness podcast and a frequent guest on other IT security podcasts.

The day of the CrowdStrike outage, Steffen posted on LinkedIn, "Not trying to kick anyone while they are down, but those that equate resiliency with public cloud computing really need to re-evaluate those beliefs, especially for mission critical workloads. The outages being reported today were some of the exact same issues that we have seen before, but - as an industry - don't seem to learn from."

In this episode, Steffen discusses the lessons on data center resilience he says have been lost in the cloud era and why IT orgs must re-evaluate their cloud risk.

Esteban Gutierrez is chief information security officer and vice president of information security at observability vendor New Relic. Previously, he was an enterprise information security strategist at Intel, and he managed the network operations and security center for the US Army Corps of Engineers.

He shares takeaways from New Relic's recent State of Observability survey, lessons learned from his career in cybersecurity about bridging the SecOps / IT Ops gap and why he believes data is crucial to the future of both DevSecOps and AI.