Overview What You Will Learn Curriculum Instructor

Course Overview

The U.S. Presidential Executive Order (EO) published on May 12, 2021, was a call to strengthen the security of the nation’s software supply chain in response to the supply chain attack on SolarWinds. Among the requirements in the EO is a requirement for vendors to provide a Software Bill of Materials (SBOMs) for all software sold to the Federal Government. This requirement in the EO is already popularizing SBOM generation across the software industry.

SBOMs provide software transparency, software integrity, and software identity benefits. Here is a bit about each:

  • Software Transparency: SBOMs provide a list of ingredients used in the creation of software, such as open-source software (OSS), components, and potentially even build tools. This enables producers and consumers to better inventory and evaluates license and vulnerability risk.
  • Software Integrity: While code signing is still the industry standard for trusting software and its integrity, SBOMs contain package and file checksums to enable software consumers to validate the hashes, which can be useful in scenarios when signatures aren’t present.
  • Software Identity: When vulnerabilities (CVEs) are created, they are assigned to a Common Platform Enumeration (CPE) identifier. An example is “Microsoft Office 365” as the identity for the software that a CVE impacts. However, this is not specific enough and the industry is interested in moving away from CPEs – and SBOMs (and the unique software identifiers within) are well positioned to better serve as a more accurate form of software identity.

What You Will Learn

  • Understand the purpose of an SBOM and regulatory requirements
  • Familiarize with Threat landscape and how SBOMs help in the same.
  • Learn how to interact with an SBOM
  • Understand how to generate an SBOM
  • Learn How to leverage an SBOM to improve vulnerability management and incident response

Program Curriculum

  • Background and Regulatory Requirements
  • Diving Into SBOM Content
  • SBOM Generation Considerations
  • $7 Million Cybersecurity Scholarship by EC-Council
  • Chapter 1 Quiz

  • Demo of SBOM Generation at Build-Time
  • SBOM Distribution Scenarios
  • Advanced SBOM Generation Scenarios
  • Chapter 2 Quiz

  • Open-Source Software (OSS) Threats
  • SBOMs and Vulnerabilities
  • Vulnerability Exploitability, and Responding to an Incident
  • Chapter 3 Quiz

  • Supply Chain Threats and Signing SBOMs
  • The Role of SBOMs in Securing the Software Supply Chain
  • Chapter 4 Quiz
Load more modules

Instructor

Adrian V. Diglio

Adrian Diglio is the Principal PM Manager of the Secure Software Supply Chain team at Microsoft. He drives the central strategy for securing Microsoft’s software supply chain end-to-end, and the Software Bill of Materials (SBOMs) is one piece of that overall strategy. As such, he helped lead the SBOM implementation at scale across Microsoft using the Software Package Data Exchange (SPDX) ISO Standard specification. He’s authored two Microsoft blog posts about generating SBOMs at Microsoft, and open sourcing their SBOM Tool. Prior to the U.S. Presidential Executive Order 14028, he and other Microsoft representatives worked with the Consortium for Information and Software Quality (CISQ) Tool-to-Tool SBOM industry working group, where he led the development of the vulnerability schema sub-group. The Tool-to-Tool SBOM working group later merged with SPDX to form the basis of SPDX 3.0 next-generation specification, and he’s been engaged in SPDX’s weekly and monthly working groups ever since. Then, in response to the U.S. Presidential Executive Order, he led the internal initiative to ensure that Microsoft software-generated SBOMs to conform their requirements and worked with teams across Microsoft to implement the tool into different build environments, drive compliance across the company, and develop the SBOM tooling specifications to support a wide variety of scenarios. He has a BA from California Polytechnic University Pomona and an MBA from San Diego State University (SDSU). He has numerous professional certifications, including Security+, CISSP, GCED, PMP, and OSWP.

Join over 1 Million professionals from the most renowned Companies in the world!

certificate

Fastest Way to Level Up Your Cybersecurity Skills

Invest in your future with flexible subscription plans that give you access to the world’s largest online cybersecurity course library. Whether you're exploring cybersecurity courses for beginners or advancing your expertise,
access in-demand courses, practical labs, and CTF challenges designed to support continuous learning.

Monthly Plans
Annual Plans
Save 20% with our annual plans!

Pro

Build your cybersecurity skills with 900+ bite-sized courses and curated learning paths designed for continuous learning.

$ 69.00
Billed monthly or $599.00 billed annually
Get Started Now
Start your 7-day trial for $1

What is included

  • 880+ Premium Short Courses
  • 70+ Structured Learning Paths
  • Validation of Completion with all courses and learning paths
  • New Courses added every month
Early Access Offer

Pro +

Develop real-world cybersecurity skills through hands-on labs and CTF challenges designed for practical learning.

$ 79.00
Billed monthly or $699.00 billed annually
Get Started Now
Start your 7-day trial for $1

Everything in Pro, Plus:

  • 1600+ Hands-on lab exercises with guided instructions
  • 150+ CTF Challenges with detailed walkthroughs
  • New Hands-on Labs and Challenges added every month

Related Courses

  • Bootstrap 4 Quick Website Bootstrap Components Course
    Short Course

    Bootstrap 4 Quick Website Bootstrap Components Course

    Software Development

    Explore the basics of Bootstrap and learn to create a website...

    $49.99

    Beginner

    1 hr 30 m

  • CCNA - Understanding Routers and Switches
    Short Course

    CCNA - Understanding Routers and Switches

    Security Architecture and Operations

    A comprehensive guide to understanding the in-depth functioni...

    $49.99

    Intermediate

    2 hr 0 m

  • The Complete Full-Stack JavaScript Course
    Short Course

    The Complete Full-Stack JavaScript Course

    Software Development

    Learn full-stack web development using JavaScript (ReactJS, N...

    $79.99

    Beginner

    24 hr 17 m

  • React.JS for Ecommerce: Building a Store with React.JS
    Short Course

    React.JS for Ecommerce: Building a Store with React.JS

    DevSecOps

    From React.js Fundamentals to Crafting an Online Storefront

    $49.99

    Advanced

    3 hr 30 m

  • CISSP Certification Domains 5, 6, 7, and 8 Video Training
    Short Course

    CISSP Certification Domains 5, 6, 7, and 8 Video Training

    Cybersecurity

    This course is ideal for individuals who desire to pass the I...

    $69.99

    Intermediate

    6 hr 30 m

  • Helm 3 - Package Manager for Kubernetes
    Short Course

    Helm 3 - Package Manager for Kubernetes

    Software Development

    A must tool for every DevOps engineer

    $49.99

    Intermediate

    1 hr 27 m

  • Learn Ethical Hacking by Hacking Real Websites Legally
    Short Course

    Learn Ethical Hacking by Hacking Real Websites Legally

    Vulnerability Assessment and Pentesting

    Fun way to learn ethical hacking by playing online hacking ga...

    $69.99

    Beginner

    4 hr 18 m

  • Mastering Ansible Playbooks: Debugging and Security
    Short Course

    Mastering Ansible Playbooks: Debugging and Security

    Software Development

    Securing and Automating Linux and Windows Systems with Advanc...

    $99.99

    Advanced

    5 hr 34 m

1 50
View all