Black Duck Appoints Dom Glavach as New Chief Information Security Officer Amidst Growing Concerns in Software Security
In a notable move within the application security sector, Black Duck has welcomed Dom Glavach as its Chief Information Security Officer (CISO). This appointment comes as the firm recognizes the pressing need for robust security measures in an era where software vulnerabilities can have far-reaching consequences. With over twenty years of extensive experience in enterprise security, national defense, and Software-as-a-Service (SaaS) environments, Glavach is set to lead Black Duck’s security initiatives at a critical juncture for the industry.
The timing of Glavach’s appointment is particularly significant given the current upheaval in software security. The industry has witnessed a spike in supply chain breaches, driven by issues such as dependency abuse, credential misuse, and compromised build pipelines. These vulnerabilities have raised alarms across developer tools, cloud platforms, and various AI-driven systems, leaving organizations struggling to adapt to the escalating threat landscape. By hiring a CISO of Glavach’s expertise, Black Duck underscores its commitment to elevating both application and supply chain security to the executive level, transforming it from what was often considered a back-office technical concern into a priority that demands boardroom attention.
Before his tenure at Black Duck, Glavach honed his skills at CyberSN, where he served as both CISO and Chief Security Strategist. In this dual role, he was responsible for security operations, vulnerability management, governance, risk and compliance, and secure product development, all within a fully remote workforce environment. Prior to that, Glavach spent two decades at Concurrent Technologies Corporation (CTC), regarded as a top-tier Department of Defense contractor. At CTC, he directed compliance programs in alignment with stringent frameworks such as FedRAMP, DFARS, NIST 800-171, and CMMC. Furthermore, he led incident response strategies against nation-state threats, managing operations that were crucial in securing substantial government contracts valued in the tens of millions.
In his new role at Black Duck, Glavach will be tasked with overseeing the company’s global security strategy. This encompasses enterprise security, governance, risk management, compliance, and product security. His responsibilities will also involve collaborating closely with engineering, product, and customer-facing teams in order to weave security practices into both internal operations and the products that Black Duck offers to its clientele. This task has become increasingly urgent as organizations seek to mitigate risks associated with open-source software, AI-generated code, and increasingly fragile software supply chains.
"The intersection of security, software, and national-scale risk has defined Dom’s career," remarked Jason Schmitt, CEO of Black Duck. "His wealth of experience leading security initiatives in high-pressure environments positions him as an invaluable asset to help Black Duck navigate scaling securely while enhancing the industry’s approach to application and supply chain security, especially in this age dominated by AI."
In addition to his credentials as a practitioner, Glavach is an active contributor to the cybersecurity community. He has authored the CyberSN Job Taxonomy and serves as an Adjunct Professor of Cybersecurity at Indiana University of Pennsylvania. His expertise is widely recognized, as he frequently speaks on topics related to AI-enabled defense, cyber workforce management, and contemporary leadership for CISOs.
Reflecting on his new position, Glavach stated, "Black Duck occupies a crucial role in how modern software is developed and secured. As organizations rush to embrace AI and expedite their development processes, security must also evolve correspondingly—without impeding innovation."
In conclusion, Dom Glavach’s appointment as CISO at Black Duck signifies a strategic effort to bolster security initiatives during a precarious time for software integrity and security. As the firm endeavors to safeguard its clients against emerging threats, Glavach’s leadership and vision will likely play a pivotal role in shaping the future of application security in an increasingly complex landscape driven by technological advancements.
This development marks a significant step forward for Black Duck as it fortifies its security posture amidst evolving challenges in the software industry. The broader implications of Glavach’s leadership will undoubtedly be observed in how the sector adapts to ongoing security risks while fostering innovation.