web02.fireside.fm Sun, 10 May 2026 07:53:20 -0500 Fireside (https://fireside.fm) Tech Transforms - Episodes Tagged with “Sbom” https://techtransforms.fireside.fm/tags/sbom Tue, 09 Sep 2025 10:30:00 -0400 Global technology is changing the way we live. Critical government decisions affect the intersection of technology advancement and human needs. This podcast talks to some of the most prominent influencers shaping the landscape to understand how they are leveraging technology to solve complex challenges while also meeting the needs of today's modern world. en-us episodic Tech Transforms, brought to you by Owl Cyber Defense, talks to some of the most prominent influencers shaping government technology. Carolyn Ford Global technology is changing the way we live. Critical government decisions affect the intersection of technology advancement and human needs. This podcast talks to some of the most prominent influencers shaping the landscape to understand how they are leveraging technology to solve complex challenges while also meeting the needs of today's modern world. no Carolyn Ford Galadrielford@gmail.com Episode 105: From Compliance to Capability: Securing the Federal Software Supply Chain in the Age of AI https://techtransforms.fireside.fm/105 b78757c1-8167-4e0d-8921-afe3fa00ca3b Tue, 09 Sep 2025 10:30:00 -0400 Carolyn Ford full Carolyn Ford On this episode of Tech Transforms, host Carolyn Ford welcomes Antoine Harden, Regional VP of Federal at Sonatype, to unpack one of the most urgent challenges in federal cybersecurity. 40:57 no <p>On this episode of Tech Transforms, host Carolyn Ford welcomes Antoine Harden, Regional VP of Federal at Sonatype, to unpack one of the most urgent challenges in federal cybersecurity: securing the software supply chain. With more than 25 years of experience at Oracle, Google, and now Sonatype, Antoine shares why software supply chain risks from SolarWinds to Log4j have pushed SBOMs (Software Bills of Materials) and continuous monitoring into the spotlight.</p> <p>Together, they break down what SBOMs are (think nutrition labels for software), how mandates like Executive Order 14028 and frameworks like NIST’s Secure Software Development Framework (SSDF) and DoD’s SWFT are changing the compliance landscape, and why automation is essential to get from static ATOs to continuous authorization.</p> <p>Antoine also explains how Sonatype uses AI and software composition analysis tools to close critical gaps in open source and AI-heavy environments, helping agencies shift left, reduce vulnerabilities, and accelerate secure delivery of mission-critical systems. Along the way, the conversation covers everything from JFK delays caused by vulnerabilities, to the risks of “ludicrous speed” AI adoption, to the surprising history of Project Pigeon in WWII.</p> <p>For federal leaders ready to take action, Antoine offers one concrete step: start with a single mission-critical application, mandate an SBOM, and see what hidden risks you uncover.</p> <p>Show Notes:<br> Connect with Antoine <a href="https://www.linkedin.com/in/antoine-harden-mba-035a441/" target="_blank" rel="nofollow noopener">https://www.linkedin.com/in/antoine-harden-mba-035a441/</a> <br> <a href="https://www.federalregister.gov/documents/2021/05/17/2021-10460/improving-the-nations-cybersecurity" target="_blank" rel="nofollow noopener">Executive Order 14028</a><a href="https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-218.pdf" target="_blank" rel="nofollow noopener">NIST Secure Software Development Framework (SSDF)</a><br> <a href="https://www.cisa.gov/zero-trust-maturity-model" target="_blank" rel="nofollow noopener">CISA Zero Trust Maturity Model</a><br> <a href="https://www.defense.gov/News/Releases/Release/Article/4174350/software-fast-track-initiative/" target="_blank" rel="nofollow noopener">DoD’s SWFT (Software Fast Track Initiative) </a><br> <a href="https://www.sonatype.com/resources?_gl=1*1jtfn7r*_up*MQ..*_ga*Mzc1ODU4NTM3LjE3NTYzMTc3NTc.*_ga_3W70E95Z6Q*czE3NTYzMTc3NTUkbzEkZzAkdDE3NTYzMTc3NTUkajYwJGwwJGgw*_ga_2TMM6KZPXQ*czE3NTYzMTc3NTUkbzEkZzAkdDE3NTYzMTc3NTUkajYwJGwwJGgw*_ga_08HT33J01V*czE3NTYzMTc3NTUkbzEkZzAkdDE3NTYzMTc3NTUkajYwJGwwJGgw" target="_blank" rel="nofollow noopener">Sonatype Resource Center</a> </p> SBOM, Software Supply Chain, Compliance, AI On this episode of Tech Transforms, host Carolyn Ford welcomes Antoine Harden, Regional VP of Federal at Sonatype, to unpack one of the most urgent challenges in federal cybersecurity: securing the software supply chain. With more than 25 years of experience at Oracle, Google, and now Sonatype, Antoine shares why software supply chain risks from SolarWinds to Log4j have pushed SBOMs (Software Bills of Materials) and continuous monitoring into the spotlight.

Together, they break down what SBOMs are (think nutrition labels for software), how mandates like Executive Order 14028 and frameworks like NIST’s Secure Software Development Framework (SSDF) and DoD’s SWFT are changing the compliance landscape, and why automation is essential to get from static ATOs to continuous authorization.

Antoine also explains how Sonatype uses AI and software composition analysis tools to close critical gaps in open source and AI-heavy environments, helping agencies shift left, reduce vulnerabilities, and accelerate secure delivery of mission-critical systems. Along the way, the conversation covers everything from JFK delays caused by vulnerabilities, to the risks of “ludicrous speed” AI adoption, to the surprising history of Project Pigeon in WWII.

For federal leaders ready to take action, Antoine offers one concrete step: start with a single mission-critical application, mandate an SBOM, and see what hidden risks you uncover.

Show Notes:
Connect with Antoine https://www.linkedin.com/in/antoine-harden-mba-035a441/
Executive Order 14028NIST Secure Software Development Framework (SSDF)
CISA Zero Trust Maturity Model
DoD’s SWFT (Software Fast Track Initiative)
Sonatype Resource Center

]]> On this episode of Tech Transforms, host Carolyn Ford welcomes Antoine Harden, Regional VP of Federal at Sonatype, to unpack one of the most urgent challenges in federal cybersecurity: securing the software supply chain. With more than 25 years of experience at Oracle, Google, and now Sonatype, Antoine shares why software supply chain risks from SolarWinds to Log4j have pushed SBOMs (Software Bills of Materials) and continuous monitoring into the spotlight.

Together, they break down what SBOMs are (think nutrition labels for software), how mandates like Executive Order 14028 and frameworks like NIST’s Secure Software Development Framework (SSDF) and DoD’s SWFT are changing the compliance landscape, and why automation is essential to get from static ATOs to continuous authorization.

Antoine also explains how Sonatype uses AI and software composition analysis tools to close critical gaps in open source and AI-heavy environments, helping agencies shift left, reduce vulnerabilities, and accelerate secure delivery of mission-critical systems. Along the way, the conversation covers everything from JFK delays caused by vulnerabilities, to the risks of “ludicrous speed” AI adoption, to the surprising history of Project Pigeon in WWII.

For federal leaders ready to take action, Antoine offers one concrete step: start with a single mission-critical application, mandate an SBOM, and see what hidden risks you uncover.

Show Notes:
Connect with Antoine https://www.linkedin.com/in/antoine-harden-mba-035a441/
Executive Order 14028NIST Secure Software Development Framework (SSDF)
CISA Zero Trust Maturity Model
DoD’s SWFT (Software Fast Track Initiative)
Sonatype Resource Center

]]>