Get The Lowdown on Supply Chain Risk Management With Lena Smart - Ascent Conference

The latest research shows that more than 80% of organizations have experienced a data breach as a result of security vulnerabilities in their supply chains. It’s crucial that all companies understand the risks that can live inside their supply chain and foster a culture of organization-vendor cross-collaboration so they can prevent and minimize those risks. This is where CISO leaders like Lena Smart step in.

Lena Smart is the CISO at MongoDB and has more than 20 years of cybersecurity experience, from fintech to the New York Power Authority, the largest state power organization in the country. More recently she has worked on supply chain risk management at a few government agencies, Scissor and at SCC, which has given her a bird’s eye view of how we can tackle this problem. Furthermore, in light of the SolarWinds hack, Lena believes that it is more important than ever to create a secure environment within the US and globally.

So how do we secure our supply chains?

Businesses need to understand the different moving parts and highlight the risks associated with each supplier. Supply chain information risk management should be embedded within existing procurement and vendor management processes. The real key here is to share the information with your peers and customers to ensure everyone is secure.

Lena’s past experience working in a power plant really hammers this home. Critical infrastructure takes the supply chain more seriously, especially if you are building a power plant, nuclear power plant, or even a hydro plant. You have to be aware of the provenance of each piece of equipment that comes into the building, right down to the screws. Plus, the Federal Government has over 13 policies that you have to adhere to, including training and code integration, to secure the power industry.

The supply chain as a whole is only truly secure when all entities throughout the supply chain carry out effective, coordinated security measures to ensure the integrity of supply chain data, the safety of goods, and the security of the global economy.

So how do SaaS companies fit into this risk?

MongoDB works with a number of SaaS companies, and to a certain extent businesses can control who they are buying their software from. It’s when you get down to the nitty-gritty that you need to ask certain questions around the source code, for example: who does the code reviews? What is your code lifecycle? This is where you need a robust onboarding process that follows particular industry rules. Also, mapping the flow of information and keeping an eye on key access points will unquestionably remain crucial to building a more resilient information system.

As organizations and their partners become increasingly interconnected, cybersecurity risks can endanger all parties involved. And even when your business is protected by sophisticated security tools, you may never be certain your suppliers also have the same methods of protection in place. This is why you should never ignore any potential supply chain cybersecurity risks when it comes to protecting your company and sensitive information. Ultimately, there needs to be trust and constant communication between all third parties.

What about code checking?

Do you know who checks your code? How do you prove your code is 100% accurate? Lena will be discussing this in-depth at our Spotlight on Cybersecurity event on April 7. Tune in to the Supply Chain Risk Management session to find out more at 1:30 PM – 2:15 PM EDT.
