The mission of this group is to bring together utility professionals in the power industry who are in the thick of the digital utility transformation. 


See you at RSA 2021 – without the hotel bill!

Tom Alrich's picture
Supply chain Cyber Risk management - emphasis on SBOMs and VEX documents, Tom Alrich LLC

I provide consulting services in supply chain cybersecurity risk management and am now primarily focused on software bills of materials (SBOMs) and VEX (Vulnerability Exploitability eXchange). I...

  • Member since 2018
  • 427 items added with 154,788 views
  • Mar 15, 2021

 (or in my case, without the AirBnB invoice)

This year, RSA will be all virtual. It will run from May 17-20. And I’ll again be speaking on a panel led by Mark Weatherford, former NERC CISO and now CSO and Board Member of the National Cybersecurity Center. My fellow panelists will be Jennifer Bisceglie, Founder of Interos Inc, and Chris Blask, Global Director of Industrial Security of UNISYS.

Our panel will run from 2:40 to 3:20 PM Pacific Time on May 20 (and don’t give me an excuse that you have to miss our session to catch a flight home from SFO! Normally, the last afternoon of the conference is pretty quiet). However, please stick around afterwards, because there will be an “Additional Audience Engagement” session, starting at 3:20. I have never heard of one of these before at the conference (if they’ve even had them before), but RSA says it’s a “40-minute interactive QA discussion” on the topic of our panel. This is great, because I’ve never been on a panel where it was possible to get into the topic in much depth, or to take many questions. This will be an exception.

Well, I guess that’s about it…What, you want to know what the topic is? Sure, it’s “DBOM and SBOM: New Options for Better Supply Chain Cybersecurity”. The description is “The global supply chain includes a mystifying accumulation of digital and software components that generate perplexing cybersecurity risk management challenges. These supply chain risk management challenges can be addressed through the focused application of both Digital Bill of Materials (DBoM) and Software Bill of Materials (SBoM) to document component provenance to consuming organizations.”

If you’ve been reading this blog at all lately, you’ve certainly heard of SBoM. But what’s DBoM? DBoM is…well, here’s a very succinct summary of it by Chris; you can also find a few podcasts on DBoM by searching on his name. But I’ll admit: I’ve been going to (at least) weekly meetings discussing DBoM since last August, and I’m just now beginning to realize how revolutionary it is – and how it can lead to great improvements in security and efficiency of supply chains, which I (and the others in the group, frankly, including Chris himself) are just beginning to understand.

Oh, and in case you think this is a (poorly) disguised product sales pitch, I’ll point out that DBoM is an open source product.

I hope to see you there on May 20! And be sure to leave enough time to find the room where we’re speaking (for some reason, I don’t see the room number on the email from RSA). The Moscone Center is a big place.

Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC. If you would like to comment on what you have read here, I would love to hear from you. Please email me at



No discussions yet. Start a discussion below.

Tom Alrich's picture
Thank Tom for the Post!
Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.
More posts from this member

Get Published - Build a Following

The Energy Central Power Industry Network® is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »