Black Duck Taps Defense Vet as CISO to Tackle AI & Supply Chain Threats
- 20+ years of experience: Dom Glavach brings over two decades of security expertise, including roles in national defense and high-growth SaaS.
- Surge in attacks: Industry reports highlight a dramatic increase in software supply chain attacks targeting open-source repositories and developer credentials.
- AI risks: OWASP has identified unique threats like prompt injection and GenAI Worms in AI-powered development.
Experts agree that the appointment of a seasoned defense veteran as CISO reflects the critical need for robust security strategies to combat escalating software supply chain and AI-driven threats in modern development environments.
BURLINGTON, Mass. – April 09, 2026 – In a move that underscores the escalating stakes of software security, AI-powered application security leader Black Duck has appointed Dom Glavach as its new Chief Information Security Officer (CISO). The appointment comes as organizations globally grapple with a relentless wave of software supply chain attacks and the nascent, complex risks introduced by AI-driven development.
Glavach, a veteran security executive with over two decades of experience spanning national defense and high-growth SaaS, will helm Black Duck's global security strategy. His mandate includes enterprise security, governance, risk, compliance, and the security of Black Duck's own products—a critical role for a company whose business is securing the software of others.
A Strategic Response to a New Era of Risk
The timing of Glavach's appointment is anything but coincidental. The cybersecurity landscape is reeling from a series of sophisticated software supply chain compromises that have shaken confidence in the digital ecosystem. Incidents like the XZ Utils backdoor, a near-miss that threatened the entire Linux ecosystem, and the widespread exploitation of the MOVEit vulnerability have served as stark reminders of how a single weak link can trigger a cascade of breaches across industries.
These attacks are growing in both frequency and sophistication. Industry reports show a dramatic surge in attacks targeting open-source package repositories, build pipelines, and developer credentials. Attackers are no longer just exploiting known vulnerabilities; they are actively infiltrating the very processes used to build and distribute software. This shift has elevated software supply chain security from a niche technical issue to a pressing board-level concern, as a single breach can inflict millions in financial losses and cause irreparable brand damage.
Black Duck's decision to hire a CISO with Glavach's background signals a clear recognition of this new reality. By placing a leader with experience in high-stakes national defense environments at the helm, the company is making a statement about the level of rigor required to secure modern software. The move reflects a broader industry trend where the principles of defending against nation-state adversaries are being adapted to protect corporate assets in an increasingly hostile digital world.
The Modern CISO: From Server Room to Boardroom
Dom Glavach's career path embodies the evolution of the CISO role. His experience is not confined to a single domain but represents a fusion of skills now considered essential for modern security leadership.
Prior to joining Black Duck, Glavach served as CISO at CyberSN. Before that, he spent two decades at Concurrent Technologies Corporation (CTC), where he held the CISO role for a top-100 Department of Defense contractor. It was here that he honed his skills against some of the world's most advanced cyber adversaries, leading incident response efforts against nation-state actors and architecting compliance programs for stringent government frameworks like FedRAMP, DFARS, and CMMC.
This background in national defense is particularly relevant today. The tactics, techniques, and procedures once reserved for espionage and military targets are now being deployed against commercial enterprises. Glavach's experience in these high-stakes environments provides him with a unique perspective on building resilient, defense-in-depth security programs.
"Dom has operated at the intersection of security, software, and national-scale risk for his entire career," said Jason Schmitt, CEO of Black Duck. "His experience leading security programs in high-stakes environments makes him uniquely qualified to help Black Duck scale securely while advancing how the industry approaches application and supply chain security in the age of AI."
The increasing regulatory pressure, including the US Executive Order 14028 and the mandatory use of Software Bills of Materials (SBOMs), further highlights the need for leaders who can navigate complex compliance landscapes. Glavach's deep expertise in this area will be crucial as Black Duck and its customers work to meet these new standards of transparency and accountability.
Securing the AI-Powered Assembly Line
Overlaying the existing software supply chain crisis is the explosive growth of artificial intelligence in software development. AI-generated code, AI-powered development tools, and AI models integrated into applications are creating a new, largely uncharted attack surface.
While AI promises to accelerate innovation, it also introduces profound security challenges. AI models can inherit biases, be poisoned with malicious data, or generate code with subtle but critical vulnerabilities. The Open Worldwide Application Security Project (OWASP) has already released a dedicated Top 10 list for Large Language Model (LLM) applications, highlighting unique risks like prompt injection and insecure output handling. Security researchers are also warning of emerging threats like "GenAI Worms"—malicious code that can use AI to self-replicate and spread through interconnected systems.
For a company like Black Duck, which positions itself at the forefront of AI-powered application security, addressing these risks is paramount. Glavach's role will involve not only securing Black Duck's internal use of AI but also ensuring its products are equipped to help customers manage the risks of AI-generated code and AI-driven development. This requires a security strategy that treats AI components with the same scrutiny as any other third-party dependency, demanding provenance, integrity checks, and continuous monitoring.
"Black Duck sits at the center of how modern software is built and secured," said Glavach upon his appointment. "As organizations race to adopt AI and accelerate development, security must evolve just as quickly—without slowing innovation. I'm excited to join Black Duck at a pivotal moment and help customers manage risk with greater clarity, automation, and confidence."
His appointment underscores a critical truth in the modern security landscape: even as technology becomes more automated, the need for seasoned human judgment, strategic foresight, and battle-tested leadership has never been greater. As organizations navigate the dual challenges of a compromised supply chain and the uncharted territory of AI, leaders with Glavach's unique blend of experience will be indispensable.