Helen Oakley, Senior Director of Product Security at SAP, and Dmitry Raidman, Co-founder and CTO of Cybeats, joined us live at the RSAC Conference to bring clarity to one of the most urgent topics in cybersecurity: transparency in the software and AI supply chain. Their message is direct—organizations not only need to understand what’s in their software, they need to understand the origin, integrity, and impact of those components, especially as artificial intelligence becomes more deeply integrated into business operations.
SBOMs Are Not Optional Anymore
Software Bills of Materials (SBOMs) have long been a recommended best practice, but they’re now reaching a point of necessity. As Dmitry noted, organizations are increasingly requiring SBOMs before making purchase decisions—“If you’re not going to give me an SBOM, I’m not going to buy your product.” With regulatory pressure mounting through frameworks like the EU Cyber Resilience Act (CRA), the demand for transparency is being driven not just by compliance, but by real operational value. Companies adopting SBOMs are seeing tangible returns—saving hundreds of hours on risk analysis and response, while also improving internal visibility.
Bringing AI into the SBOM Fold
But what happens when the software includes AI models, data pipelines, and autonomous agents? Helen and Dmitry are leading a community-driven initiative to create AI-specific SBOMs—referred to as AI SBOMs or AISBOMs—to capture critical metadata beyond just the code. This includes model architectures, training data, energy consumption, and more. These elements are vital for risk management, especially when organizations may be unknowingly deploying models with embedded vulnerabilities or opaque dependencies.
A Tool for the Community, Built by the Community
In an important milestone for the industry, Helen and Dmitry also introduced the first open source tool capable of generating CycloneDX-formatted AISBOMs for models hosted on Hugging Face. This practical step bridges the gap between standards and implementation—helping organizations move from theoretical compliance to actionable insight. The community’s response has been overwhelmingly positive, signaling a clear demand for tools that turn complexity into clarity.
Why Security Leaders Should Pay Attention
The real value of an SBOM—whether for software or AI—is not just external compliance. It’s about knowing what you have, recognizing your crown jewels, and understanding where your risks lie. As AI compounds existing vulnerabilities and introduces new ones, starting with transparency is no longer a suggestion—it’s a strategic necessity.
Want to see how this all fits together? Hear it directly from Helen and Dmitry in this episode.
___________
Guests:
Helen Oakley, Senior Director of Product Security at SAP | https://www.linkedin.com/in/helen-oakley/
Dmitry Raidman, Co-founder and CTO of Cybeats | https://www.linkedin.com/in/draidman/
Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com
___________
Episode Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974
Akamai: https://itspm.ag/akamailbwc
BlackCloak: https://itspm.ag/itspbcweb
SandboxAQ: https://itspm.ag/sandboxaq-j2en
Archer: https://itspm.ag/rsaarchweb
Dropzone AI: https://itspm.ag/dropzoneai-641
ISACA: https://itspm.ag/isaca-96808
ObjectFirst: https://itspm.ag/object-first-2gjl
Edera: https://itspm.ag/edera-434868
___________
Resources
LinkedIn Post with Links: https://www.linkedin.com/posts/helen-oakley_ai-sbom-aisbom-activity-7323123172852015106-TJea
An open letter to third-party suppliers: https://www.jpmorgan.com/technology/technology-blog/open-letter-to-our-suppliers
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
______________________
KEYWORDS
helen oakley, dmitry raidman, sean martin, rsac 2025, sbom, aisbom, ai security, software supply chain, transparency, open source, event coverage, on location, conference
______________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf
Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us
View all episodes
By ITSPmagazine, Sean Martin, Marco Ciappelli
5
3131 ratings
Helen Oakley, Senior Director of Product Security at SAP, and Dmitry Raidman, Co-founder and CTO of Cybeats, joined us live at the RSAC Conference to bring clarity to one of the most urgent topics in cybersecurity: transparency in the software and AI supply chain. Their message is direct—organizations not only need to understand what’s in their software, they need to understand the origin, integrity, and impact of those components, especially as artificial intelligence becomes more deeply integrated into business operations.
SBOMs Are Not Optional Anymore
Software Bills of Materials (SBOMs) have long been a recommended best practice, but they’re now reaching a point of necessity. As Dmitry noted, organizations are increasingly requiring SBOMs before making purchase decisions—“If you’re not going to give me an SBOM, I’m not going to buy your product.” With regulatory pressure mounting through frameworks like the EU Cyber Resilience Act (CRA), the demand for transparency is being driven not just by compliance, but by real operational value. Companies adopting SBOMs are seeing tangible returns—saving hundreds of hours on risk analysis and response, while also improving internal visibility.
Bringing AI into the SBOM Fold
But what happens when the software includes AI models, data pipelines, and autonomous agents? Helen and Dmitry are leading a community-driven initiative to create AI-specific SBOMs—referred to as AI SBOMs or AISBOMs—to capture critical metadata beyond just the code. This includes model architectures, training data, energy consumption, and more. These elements are vital for risk management, especially when organizations may be unknowingly deploying models with embedded vulnerabilities or opaque dependencies.
A Tool for the Community, Built by the Community
In an important milestone for the industry, Helen and Dmitry also introduced the first open source tool capable of generating CycloneDX-formatted AISBOMs for models hosted on Hugging Face. This practical step bridges the gap between standards and implementation—helping organizations move from theoretical compliance to actionable insight. The community’s response has been overwhelmingly positive, signaling a clear demand for tools that turn complexity into clarity.
Why Security Leaders Should Pay Attention
The real value of an SBOM—whether for software or AI—is not just external compliance. It’s about knowing what you have, recognizing your crown jewels, and understanding where your risks lie. As AI compounds existing vulnerabilities and introduces new ones, starting with transparency is no longer a suggestion—it’s a strategic necessity.
Want to see how this all fits together? Hear it directly from Helen and Dmitry in this episode.
___________
Guests:
Helen Oakley, Senior Director of Product Security at SAP | https://www.linkedin.com/in/helen-oakley/
Dmitry Raidman, Co-founder and CTO of Cybeats | https://www.linkedin.com/in/draidman/
Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com
___________
Episode Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974
Akamai: https://itspm.ag/akamailbwc
BlackCloak: https://itspm.ag/itspbcweb
SandboxAQ: https://itspm.ag/sandboxaq-j2en
Archer: https://itspm.ag/rsaarchweb
Dropzone AI: https://itspm.ag/dropzoneai-641
ISACA: https://itspm.ag/isaca-96808
ObjectFirst: https://itspm.ag/object-first-2gjl
Edera: https://itspm.ag/edera-434868
___________
Resources
LinkedIn Post with Links: https://www.linkedin.com/posts/helen-oakley_ai-sbom-aisbom-activity-7323123172852015106-TJea
An open letter to third-party suppliers: https://www.jpmorgan.com/technology/technology-blog/open-letter-to-our-suppliers
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
______________________
KEYWORDS
helen oakley, dmitry raidman, sean martin, rsac 2025, sbom, aisbom, ai security, software supply chain, transparency, open source, event coverage, on location, conference
______________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf
Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us
2 Listeners
2 Listeners
4 Listeners
0 Listeners
3 Listeners
0 Listeners