Coming Soon? Getting Sued for Crappy Software? with John Banghart, Senior Director for Cybersecurity Services, Venable LLP

Written By Ryan Owen

On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald meets up with John Banghart, Senior Director for Cybersecurity Services at Venable LLP, a law firm that provides cybersecurity and privacy risk management advisory to clients of all shapes and sizes across a wide variety of sectors. Venable also runs a nonprofit organization called the Center for Cybersecurity Policy & Law that connects private-sector companies with government organizations to discuss policy and standards issues. 


John Banghart has nearly 30 years of federal government and private sector experience in cybersecurity. These days, he focuses mostly on the healthcare sector with an emphasis on cloud computing and information sharing.  


Together, Eric and John review the Biden Administration's National Cybersecurity Strategy and what it means for software makers and the liability they may face for their creations. They also examine how the Strategy builds upon Executive Order 14028 and the CMMC (Cybersecurity Maturity Model Certification), and whether the reference to DoJ's Civil Cyber-Fraud Initiative is likely to make companies more careful about what they attest to in their first-party attestations. 


Interview with John Banghart


Prior to joining Venable in 2016, John served in a variety of roles spanning risk management, government policy, standards and regulatory compliance, and incident management at Microsoft, the White House National Security Council, and the National Institute of Standards and Technology.


In this episode, Eric and John discuss:

  • Takeaways and conclusions from the Biden Administration's National Cybersecurity Strategy

  • The shifting of cybersecurity liability to software makers and the struggle to enact effective cybersecurity rules

  • How the National Cybersecurity Strategy builds upon Executive Order 14028 and the CMMC

  • How tech companies may approach new cybersecurity regulation (and the safe harbor it may offer)

  • Whether the Strategy's invocation of DoJ's Civil Cyber-Fraud Initiative will compel software vendors to put more scrutiny and time into their cybersecurity attestations 


Find John on LinkedIn:

John Banghart: https://www.linkedin.com/in/john-banghart-b43b6a/

 

Learn more about Venable, LLP:

https://www.linkedin.com/company/venablellp/


Thank you for listening to this episode of the IoT: The Internet of Threats podcast, powered by Finite State — the leading supply chain cyber-security solution provider for connected devices and embedded systems.

 

If you enjoyed this episode, click subscribe to stay connected and leave a review to get the word out about the podcast.

 

To learn more about building a robust software supply chain security program, protecting your connected devices, and complying with emerging regulations and technical standards, visit https://finitestate.io/

Ryan Owen
Previous

The FDA will soon require SBOMs for medical devices. Are you ready? with Larry Pesce, Product Security Research and Analysis Director, Finite State
Next

The SBOM Challenge: Wait ... there was a contest? Who won?? with Matt Wyckhouse, Founder & CEO of Finite State