Mike Sanchez Of United Data Technologies On SBOMs; What They Are, What They Are Not, And How Organizations Can Use Them To Make Us More Secure

Cyber attacks on products, devices, vehicles and critical infrastructure are on the rise. One tool that helps organizations understand their exposure is the Software Bill of Materials, or SBOM: an inventory of the components, libraries and dependencies that make up a piece of software, so that known vulnerabilities in those components can be found and tracked. How exactly can SBOMs be used to keep products more secure? What are their limitations? Why and how should a manufacturer or business use them?
  1. Hard Work Ethic — I was exposed to it early on, but really understood how important it was when I served in the Marine Corps. Your character as a leader is continuously tested in that environment. If you’re not willing to work hard and do as much as or more than what you’re asking of the Marines assigned to you, no one will follow you anywhere.
  2. Integrity — Always deliver what you promise. It must guide your efforts in your business and your personal life. Not having integrity in everything you do will make life exceptionally hard and stressful.
  3. Never ever stop learning — No matter your position, you can never stop learning and gaining valuable experience, which contributes to having confidence in your work and your opinion. An attack that leaves one of our clients unable to operate will quickly turn me from hero to zero in the blink of an eye. Because of this, I’m always trying to learn what types of techniques and tactics are being used, the challenges our clients deal with, and what other things we need to do to improve our services.

  1. Cybersecurity is now very much a board level item. That wasn’t necessarily the case 7 to 10 years ago.
  2. The spending on cybersecurity has grown exponentially. Organizations allocate about 10% of their IT budget for cybersecurity services and solutions. This was unheard of 10 years ago when it was approximately 3 to 5% of an organization’s IT budget.
  3. The CISO position has evolved and become more important to the organization. This position practically didn’t exist 5 to 10 years ago.
  4. Cybersecurity issues have evolved into a business-focused issue instead of merely a technology focus.
  5. In terms of trends, AI applications will help us develop solutions that are able to detect and respond to attacks faster. However, AI applications like ChatGPT probably pose the biggest threat. AI applications like ChatGPT can now be leveraged to develop sophisticated bots with malware to specifically exploit vulnerabilities of an application or in networks in half the time. Compiling the intelligence hackers gain prior to attacking an organization from different data sources now takes seconds instead of hours. It’s also extremely fast at creating custom-made email messages attackers can then utilize during email phishing campaigns. So, it’s early in the ballgame, so to speak; but AI capabilities are definitely outpacing our ability to react accordingly.

  • SBOMs are complicated to produce. Not true. There are applications that can help automate their development and inclusion within each application.
  • Only developers should have access to SBOMs. SBOMs should be shared across other business stakeholders including legal, risk and compliance departments, Chief Information and Security Officers and IT operations.
  • Much like the first point, some people think SBOMs are only relevant to enterprise-level organizations. However, SBOMs are extremely important for any organization of any size that develops its own proprietary application, leverages open-source libraries as a component of its applications, or utilizes data sources or components from a third-party organization.

  • Organizations fail to keep the SBOM up to date with the latest information.
  • Organizations lose the resources who originally developed the SBOM and were responsible for updating it.
  • Establishing a standard to follow which incorporates minimum requirements. This helps prevent different groups from developing SBOMs in different formats, which then become hard to understand or evaluate.
  • Centralize processes like SBOM management, evaluating and approving changes, and updating the SBOM itself, including when changes can be applied and how those changes are communicated.

  1. Identify an individual responsible for managing and keeping track of SBOMs and related applications. Even if different departments may contribute to the technical components of an application, SBOM management should be a centralized function.
  2. Employ and adopt one of the frameworks. There are a few which are widely used, such as NIST and ISO, or ones available through an open standard format like SPDX or CycloneDX. Ensure its adoption and use through periodic reviews with different stakeholders. Consider incorporating metrics that measure the number of changes made to SBOMs per application.
  3. Make an inventory of all applications and utilize an automated tool that identifies existing SBOMs. Review the results of these scans with stakeholders and identify gaps between existing documentation and results from scans. Repeatedly use the tool to validate mitigation efforts identified during periodic reviews to ensure fixes are applied.
  4. During the periodic reviews, include members from development, IT, risk management, HR and other teams which oversee application development to confirm SBOMs are embedded within software development lifecycle processes.
  5. Ensure vulnerability scans are being performed per internal vulnerability management policies. Prioritize mitigation efforts depending on the severity of the vulnerability and the overall importance of the application to the organization. Track that mitigation efforts are completed in accordance with internal vulnerability management policies.
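As an added example, not part of the interview and not UDT's tooling, the following Python script shows the mechanics behind steps 2, 3 and 5 above: it parses a CycloneDX JSON SBOM, compares the declared components against what an inventory scan of the deployed artifact actually found (the gap analysis), and ranks vulnerabilities by severity weighted by the application's importance. Every package name, version and vulnerability identifier here is constructed for illustration; the "EX-" IDs are not real CVEs, and the scan results and vulnerability feed are inline stand-ins for whatever scanner and advisory source an organization actually uses.

```python
"""Added example: check a CycloneDX SBOM against what is actually deployed and
rank the resulting vulnerabilities. All package names, versions and the
"EX-" vulnerability identifiers below are constructed for illustration and
do not refer to real software or real CVEs."""
import json

# Constructed CycloneDX 1.5 JSON document for a hypothetical "billing-api".
SBOM_JSON = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "version": 1,
  "metadata": {"component": {"type": "application", "name": "billing-api", "version": "2.3.0"}},
  "components": [
    {"type": "library", "name": "netclient", "version": "2.31.0", "purl": "pkg:pypi/netclient@2.31.0"},
    {"type": "library", "name": "yamlparse", "version": "5.4.1", "purl": "pkg:pypi/yamlparse@5.4.1"},
    {"type": "library", "name": "tlsutil",   "version": "2.0.4",  "purl": "pkg:pypi/tlsutil@2.0.4"}
  ]
}"""

# Constructed inventory as a scanner of the deployed artifact might report it:
# yamlparse was upgraded and cabundle was added without the SBOM being updated.
OBSERVED = {
    "pkg:pypi/netclient@2.31.0",
    "pkg:pypi/yamlparse@6.0.1",
    "pkg:pypi/tlsutil@2.0.4",
    "pkg:pypi/cabundle@2023.7.22",
}

# Constructed vulnerability feed keyed by purl: (hypothetical ID, CVSS base score).
VULNS = {
    "pkg:pypi/yamlparse@5.4.1": [("EX-2023-0001", 9.8)],
    "pkg:pypi/tlsutil@2.0.4": [("EX-2023-0002", 6.5)],
    "pkg:pypi/cabundle@2023.7.22": [("EX-2023-0003", 3.7)],
}


def parse_cyclonedx(text):
    """Return {purl: component} from a CycloneDX JSON SBOM.

    Rejects documents that are not CycloneDX so an SPDX or ad-hoc file is not
    silently accepted (the single-standard point in step 2)."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX" or "specVersion" not in doc:
        raise ValueError("not a CycloneDX document")
    components = {}
    for comp in doc.get("components", []):
        # Fall back to a generic purl when the producer omitted one.
        purl = comp.get("purl") or "pkg:generic/%s@%s" % (comp["name"], comp.get("version", ""))
        components[purl] = comp
    return components


def _name(purl):
    """Strip the @version suffix: 'pkg:pypi/x@1.0' -> 'pkg:pypi/x'."""
    return purl.rsplit("@", 1)[0]


def sbom_drift(declared, observed):
    """Gap analysis between the SBOM (declared purls) and a scan (observed purls).

    'version_changed' are packages present in both but at different versions;
    'removed' are declared but no longer present; 'added' are present but
    never declared. Any non-empty list means the SBOM is out of date."""
    declared_set = set(declared)
    not_seen = declared_set - observed
    not_declared = observed - declared_set
    changed = {_name(p) for p in not_seen} & {_name(p) for p in not_declared}
    return {
        "version_changed": sorted(changed),
        "removed": sorted(p for p in not_seen if _name(p) not in changed),
        "added": sorted(p for p in not_declared if _name(p) not in changed),
    }


def prioritize(purls, vulns, app_criticality):
    """Rank vulnerabilities for the given components by CVSS base score
    weighted by business criticality (1 = low, 3 = high).

    Returns a list of (purl, vuln_id, risk) sorted highest risk first."""
    findings = [
        (purl, vid, round(cvss * app_criticality, 1))
        for purl in sorted(purls)
        for vid, cvss in vulns.get(purl, [])
    ]
    return sorted(findings, key=lambda f: f[2], reverse=True)


if __name__ == "__main__":
    declared = parse_cyclonedx(SBOM_JSON)
    print("drift:", sbom_drift(declared, OBSERVED))
    # Scanning the stale SBOM reports an issue that was already fixed and misses
    # the new component; scanning the observed inventory gives the list to track.
    print("from SBOM:", prioritize(declared, VULNS, app_criticality=3))
    print("from scan:", prioritize(OBSERVED, VULNS, app_criticality=3))
```

The point of running `prioritize` twice is the failure mode named in the "what goes wrong" list above: once the SBOM drifts from the deployed build, vulnerability results derived from it are wrong in both directions, reporting a component that was already upgraded and missing one that was never recorded. Treat any non-empty drift result as a blocker for the periodic review, not just as a documentation nit.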
