Investing in Supply Chain Solutions

Published On: December 2, 2022

In episode forty-one of The Business of Security podcast, Josh Bruyning and Chad Boeckmann talk to Marcus Bartram from Telstra Ventures, a San Francisco-based VC firm that invests in mid-stage tech companies. According to Bartram, due to the changing IT architecture, cybercriminals are having an easier time breaking into companies, stealing data, and causing overall problems. It raises the question, “How do I solve a problem that didn’t exist yesterday that exists today?”

Now that cybercriminals know how to attack corporations through the supply chain, newer cyber companies have taken the lead and stepped into the software supply chain spotlight. These companies are taking questions like, “How do I identify all the dependencies I have in my open-source software program, and what sort of attribution do I bring to each of those dependencies?” and “What does this tell me about the threat that I face through development and what do we do about it?” and creating tools that ultimately help answer these questions and keep other corporations safe from attacks.

With the software supply chain issue, third-party risk management also comes into question. According to Chad Boeckmann, this is a frustrating topic for many security professionals today because they feel that if they can do assessments, they can also do third-party external scanning of these vendors. To CISOs, this feels like they’re still just checking compliance boxes and not moving the needle to help create continuous improvement with their suppliers. This problem is seemingly not going away anytime soon, so what tools or strategies are rising to change the game around accountability and process improvement within the supply chain sector?

According to Bartram, third-party supply assessments were the job of email and spreadsheets and a dedicated team of people who hammered away at their company suppliers to get things done. This process has evolved into the creation of tools that attempt to form a more informed view of risk to third-party suppliers, which was clearly depicted with the rise of the security scorecard. One company created a collaboration tool that can monitor and engage the supplier base in a conversation with the security team, who can then see how the suppliers are improving their posture over time.

The supply chain sector and third-party risk management are areas that new companies are starting to address with innovative tools and thinking that investors are noticing. Interested in learning more? Check out the full episode, Investing in Supply Chain Solutions with Marcus Bartram.
