Securing the Supply Chain with Christine Gadsby | 12

In this episode, Ciaran and James meet Christine Gadsby, Vice President and CISO at BlackBerry, to talk supply chain security; from exploding pagers to software liabilities. Christine reflects on how the industry is maturing around regulation, secure development, and vendor accountability as well as what happens when even hardware becomes a weapon.

Guest Bio:

Christine Gadsby is the Chief Information Security Officer for BlackBerry Cybersecurity with over 20 years of information and product security experience. Known in the industry for her strategic vision and leadership skills, she has a proven track record of developing and implementing robust security strategies that protect organizations from evolving cyber threats.

Gadsby is a visionary who helped pioneer secure software supply chain efforts influencing industry and government-driven security frameworks in use by the world's most security-conscious industries.

She is passionate about mentoring women in their security career journey. She is a sought-after panelist, moderator, and keynote speaker with several awards for challenging security mindsets and leading Diversity efforts, including Cybersecurity Woman of the Year, Power 100 Women in Security, and Top 10 Women Leading Cybersecurity. She is a well-known contributor, including RSA, CES, and Black Hat, and has been quoted in notable media outlets: Fox News, CBS, Yahoo, MSN, CSO Magazine, CyberScoop, and Dark Reading.

Highlights:

Software & Hardware Supply Chain Security

Modern cybersecurity means defending not just your own systems, but every layer of your digital and physical supply chain.

Software Security

• Securing software supply chains: how to safeguard against hidden dependencies | World Economic Forum
• Securing the Software Supply Chain: Recommended Practices Guide for Developers
• The US National Cybersecurity Strategy of 2023
• Defending Against Software Supply Chain Attacks
• CYBERDEFENSE REPORT Software Supply Chain Attacks An Illustrated Typological Review
• Software Supply Chain Risks (And Steps To Strengthen Security)
• The Realities of Maintaining a Secure Software Supply Chain
• SBOMs and the importance of inventory - NCSC.GOV.UK

Hardware Security

• Hezbollah pagers and walkie-talkies: How did they explode and who did it? - BBC News | Supply Chain Lessons from Thousands of Exploding Pagers
• WHITE PAPER - Cybersecurity for Automobiles: BlackBerry's 7-Pillar Recommendation
• A Hardware Bill of Materials (HBOM) Framework for Supply Chain Risk Management.
• CVE – Common Vulnerabilities and Exposures

Procurement, Liability, and Supply Chain Accountability

Procurement today is about accepting risk. Increasingly, organisations are being held financially and personally liable for the security posture of their vendors and suppliers.

• Public Procurement Practice – Cybersecurity for Procurement | Strengthening Cybersecurity: Strategies for Procurement
• Tackling security risk in government supply chains | Supply Chain Security for Suppliers | NPSA
• Software liability: The hard truths of holding manufacturers responsible | SC Media Who is liable for flawed software? New guidance upends the security standard | Cybersecurity Dive
• Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure
• CISO Liability Risks Spur Policy Changes at 93% of Organizations - Infosecurity Magazine
• The CISO: how chief information security officers can mitigate cyber-risks

Security Standards and Watermarks

The baseline security requirements that industries or regulators use to determine who can sell to them. These standards are evolving, increasingly industry-specific, and tied to real-world accountability.

• Software Security: Too Little Vendor Accountability, Experts Say
• FedRAMP – Federal Risk and Authorization Management Program
• ISO/IEC 27001 – Information Security Management
• Cybersecurity Framework – NIST

Women in Cybersecurity

Leaders are stepping up to provide mentorship, visibility, and industry-wide support but retention remains a challenge.

• How cyber can empower women with mentorship, community and confidence | Security Magazine
• Why tech companies are seeking women in cybersecurity - Women in Technology

Additional Resources

Subscribe & Follow:

• Subscribe to the podcast on Apple Podcasts, Spotify, or your favorite podcast platform.
• Follow us on Twitter, Facebook, and LinkedIn for updates.

Contact:

• Have questions or comments? Email us at cyberleaderspodcast@sans.org