Joe Jarzombek, CSSLP, Global Manager, Software Supply Chain Solutions, Synopsys Software Integrity Group
Jarzombek has attended the conference for multiple years; it draws a diverse group focused on cybersecurity. He talks with InfoSecSync about Software Supply Chain Risk Management. Software Supply Chain Solutions helps companies with testing and evaluating software. Software vulnerabilities are known quantities: they can be discovered and patched. The fundamental cause of all exploits is software, and the root causes are known vulnerabilities (CVEs) and exploitable weaknesses (CWEs). “Our security risk depends on other external dependencies.” The products and services, hardware and software used in the enterprise come from external sources. “Who on the enterprise side is doing the evaluation and testing.” Commercial off-the-shelf components bought from third-party vendors are being purchased and put on the network with old vulnerabilities. Patches for those vulnerabilities have been available, but no one has conducted any evaluation or testing before placing the components on the network. These are basic security gaps that are not being mitigated before they are exploited. “We have got to get better.”
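The evaluation step described above, checking a third-party component inventory against known vulnerabilities before it goes on the network, can be made a simple pre-deployment gate. The following is an added example, not code from the interview or from Synopsys; the component names, version numbers and advisory identifiers are constructed placeholders, and the advisory format (a component name, an "affected below" version and a fixed-in version) is an assumption chosen for the illustration rather than any real feed's schema.

```python
from typing import Dict, List, Tuple

# Constructed inventory of third-party (COTS) components in a build or on a device.
# Names and versions are placeholders, not real products.
INVENTORY: List[Dict[str, str]] = [
    {"name": "libexample-ssl", "version": "1.0.1"},
    {"name": "webfw", "version": "2.3.0"},
    {"name": "jsonlib", "version": "4.2.1"},
]

# Constructed advisory list. The ids are placeholders (not real CVE numbers);
# "affected_below" means every version strictly lower than it is vulnerable,
# and "fixed_in" is the first patched release.
ADVISORIES: List[Dict[str, str]] = [
    {"id": "CVE-XXXX-0001", "component": "libexample-ssl",
     "affected_below": "1.0.2", "fixed_in": "1.0.2"},
    {"id": "CVE-XXXX-0002", "component": "webfw",
     "affected_below": "2.3.5", "fixed_in": "2.3.5"},
    {"id": "CVE-XXXX-0003", "component": "jsonlib",
     "affected_below": "4.1.0", "fixed_in": "4.1.0"},
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted version string into a tuple so it compares numerically
    (so that 1.0.10 > 1.0.9, which plain string comparison gets wrong)."""
    return tuple(int(part) for part in version.split("."))


def find_known_vulns(inventory: List[Dict[str, str]],
                     advisories: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return every (component, advisory) pair where the shipped version is
    older than the patched release, i.e. a known vulnerability with a patch
    already available."""
    findings = []
    for comp in inventory:
        shipped = parse_version(comp["version"])
        for adv in advisories:
            if adv["component"] != comp["name"]:
                continue
            if shipped < parse_version(adv["affected_below"]):
                findings.append({
                    "component": comp["name"],
                    "version": comp["version"],
                    "id": adv["id"],
                    "fixed_in": adv["fixed_in"],
                })
    # Stable ordering makes the report diffable between runs.
    return sorted(findings, key=lambda f: (f["component"], f["id"]))


def deployment_gate(inventory: List[Dict[str, str]],
                    advisories: List[Dict[str, str]]) -> bool:
    """True only when no component carries a known, already-patched vulnerability."""
    return not find_known_vulns(inventory, advisories)


if __name__ == "__main__":
    for f in find_known_vulns(INVENTORY, ADVISORIES):
        print(f"{f['component']} {f['version']}: {f['id']} (fixed in {f['fixed_in']})")
    print("deploy allowed:", deployment_gate(INVENTORY, ADVISORIES))
```

In a real pipeline the inventory would come from a software bill of materials and the advisory list from a vulnerability feed, but the gate logic is the same: anything shipping a version older than an available fix is blocked until it is patched or the risk is formally accepted.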
Joe Jarzombek is Global Manager for Software Supply Chain Solutions in the Software Integrity Group at Synopsys. He leads efforts to enhance the Software Integrity Platform to mitigate software supply chain risk via automated analysis and testing technologies that integrate within acquisition and development processes, enabling the detection, reporting, and remediation of defects, security weaknesses and vulnerabilities throughout the lifecycle so that others can gain assurance and visibility within the software supply chain. Focused on software security, safety and quality, he collaborates with industry consortia, standards bodies, and government agencies in evolving processes and technologies addressing software assurance, supply chain risk management, and security automation. Prior to joining Synopsys, he served as the Director for Software & Supply Chain Assurance in the US Department of Homeland Security Office of Cybersecurity and Communications. In that role, he led public-private collaboration efforts for US government interagency teams with industry, academia, and standards organizations focused on the assurance of information and communications technology (ICT) products and services. Prior to that he served in the US Department of Defense as the Deputy Director for Information Assurance (responsible for Software Assurance) in the Office of the Chief Information Officer (CIO) and as the Director for Software Intensive Systems in the Office of Acquisition, Technology and Logistics (AT&L). He is a retired Lt Colonel in the US Air Force, having served as a program manager for several software-intensive systems.
He is a Certified Secure Software Lifecycle Professional (CSSLP). He received an MS in Computer Information Systems from the Air Force Institute of Technology. He received a BA in Computer Science and BBA in Data Processing and Analysis from the University of Texas in Austin, TX.