ITSecurityGuru

Black Duck Names Dom Glavach as CISO to Bolster Supply Chain and AI Security Push


Application security firm Black Duck has appointed Dom Glavach as its new Chief Information Security Officer, bringing in a seasoned executive with more than two decades of experience spanning enterprise security, national defence, and SaaS environments.

The hire comes at a turbulent time for software security. Dependency abuse, credential misuse, and compromised build pipelines have triggered a wave of supply chain breaches affecting developer tools, cloud platforms, and AI-driven systems, and organisations are struggling to keep pace. Black Duck’s decision to bring in a CISO of Glavach’s calibre signals that application and supply chain security is increasingly being treated as a board-level concern rather than a back-office technical problem.

Glavach steps into the role from CyberSN, where he held the dual title of CISO and Chief Security Strategist, overseeing security operations, vulnerability management, governance, risk and compliance, and secure product development across a fully remote workforce. Before that, he spent two decades at Concurrent Technologies Corporation (CTC), a top-100 Department of Defence contractor, where he led compliance programmes aligned with FedRAMP, DFARS, NIST 800-171, and CMMC, and directed incident response against nation-state adversaries, work that underpinned tens of millions of dollars in secured government contracts.

At Black Duck, he will take ownership of the company’s global security strategy, covering enterprise security, governance, risk and compliance, and product security. He will work closely with engineering, product, and customer-facing teams to embed security across both internal operations and the platforms Black Duck delivers to customers, an increasingly pressing task as organisations grapple with risks from open source software, AI-generated code, and fragile software supply chains.

“Dom has operated at the intersection of security, software, and national-scale risk for his entire career,” said Jason Schmitt, Black Duck’s CEO. “His experience leading security programmes in high-stakes environments makes him uniquely qualified to help Black Duck scale securely while advancing how the industry approaches application and supply chain security in the age of AI.”

Beyond his practitioner credentials, Glavach is an active voice in the security community. He authored the CyberSN Job Taxonomy, teaches as an Adjunct Professor of Cybersecurity at Indiana University of Pennsylvania, and speaks regularly on AI-enabled defence, cyber workforce risk, and modern CISO leadership.

“Black Duck sits at the centre of how modern software is built and secured,” said Glavach. “As organisations race to adopt AI and accelerate development, security must evolve just as quickly — without slowing innovation.”


