Building Trust Through AI and Software Transparency: The Real Value of SBOMs and AISBOMs | An RSAC Conference 2025 Conversation with Helen Oakley and Dmitry Raidman | On Location Coverage with Sean Martin and Marco Ciappelli

ITSPmagazine Podcasts

Content provided by ITSPmagazine, Sean Martin, and Marco Ciappelli. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by ITSPmagazine, Sean Martin, and Marco Ciappelli or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

19d ago 19:37

MP3•Episode home

Helen Oakley, Senior Director of Product Security at SAP, and Dmitry Raidman, Co-founder and CTO of Cybeats, joined us live at the RSAC Conference to bring clarity to one of the most urgent topics in cybersecurity: transparency in the software and AI supply chain. Their message is direct—organizations not only need to understand what’s in their software, they need to understand the origin, integrity, and impact of those components, especially as artificial intelligence becomes more deeply integrated into business operations.

SBOMs Are Not Optional Anymore

Software Bills of Materials (SBOMs) have long been a recommended best practice, but they’re now reaching a point of necessity. As Dmitry noted, organizations are increasingly requiring SBOMs before making purchase decisions—“If you’re not going to give me an SBOM, I’m not going to buy your product.” With regulatory pressure mounting through frameworks like the EU Cyber Resilience Act (CRA), the demand for transparency is being driven not just by compliance, but by real operational value. Companies adopting SBOMs are seeing tangible returns—saving hundreds of hours on risk analysis and response, while also improving internal visibility.

Bringing AI into the SBOM Fold

But what happens when the software includes AI models, data pipelines, and autonomous agents? Helen and Dmitry are leading a community-driven initiative to create AI-specific SBOMs—referred to as AI SBOMs or AISBOMs—to capture critical metadata beyond just the code. This includes model architectures, training data, energy consumption, and more. These elements are vital for risk management, especially when organizations may be unknowingly deploying models with embedded vulnerabilities or opaque dependencies.

A Tool for the Community, Built by the Community

In an important milestone for the industry, Helen and Dmitry also introduced the first open source tool capable of generating CycloneDX-formatted AISBOMs for models hosted on Hugging Face. This practical step bridges the gap between standards and implementation—helping organizations move from theoretical compliance to actionable insight. The community’s response has been overwhelmingly positive, signaling a clear demand for tools that turn complexity into clarity.

Why Security Leaders Should Pay Attention

The real value of an SBOM—whether for software or AI—is not just external compliance. It’s about knowing what you have, recognizing your crown jewels, and understanding where your risks lie. As AI compounds existing vulnerabilities and introduces new ones, starting with transparency is no longer a suggestion—it’s a strategic necessity.

Want to see how this all fits together? Hear it directly from Helen and Dmitry in this episode.

___________
Guests:
Helen Oakley, Senior Director of Product Security at SAP | https://www.linkedin.com/in/helen-oakley/

Dmitry Raidman, Co-founder and CTO of Cybeats | https://www.linkedin.com/in/draidman/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

ThreatLocker: https://itspm.ag/threatlocker-r974

Akamai: https://itspm.ag/akamailbwc

BlackCloak: https://itspm.ag/itspbcweb

SandboxAQ: https://itspm.ag/sandboxaq-j2en

Archer: https://itspm.ag/rsaarchweb

Dropzone AI: https://itspm.ag/dropzoneai-641

ISACA: https://itspm.ag/isaca-96808

ObjectFirst: https://itspm.ag/object-first-2gjl

Edera: https://itspm.ag/edera-434868

___________

Resources

LinkedIn Post with Links: https://www.linkedin.com/posts/helen-oakley_ai-sbom-aisbom-activity-7323123172852015106-TJea

An open letter to third-party suppliers: https://www.jpmorgan.com/technology/technology-blog/open-letter-to-our-suppliers

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

______________________

KEYWORDS

helen oakley, dmitry raidman, sean martin, rsac 2025, sbom, aisbom, ai security, software supply chain, transparency, open source, event coverage, on location, conference

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

620 episodes