Tom Alrich

Principal Consultant
Tom Alrich LLC

Tom Alrich is an independent consultant specializing in supply chain cybersecurity and NERC CIP-013 compliance. Tom has consulted in cybersecurity since 2001, working previously for Honeywell and Deloitte. He writes Tom Alrich's Blog, which has a wide following and addresses topics regarding supply chain security for critical infrastructure and more recently software supply chain security.

Since 2020, Tom has actively participated in the efforts to define and implement software bills of materials (SBOMs) under the NTIA and now CISA. He founded the Energy Sector SBOM Proof of Concept under NTIA. In 2022, Tom founded the SBOM Forum, an informal group of SBOM industry leaders dedicated to identifying solutions to the problems currently inhibiting widespread use of SBOMs. The group has already outlined a substantial solution to one of the most critical of those problems, the "naming problem".

Tom lives in Evanston, Illinois and has a BA in Economics from the University of Chicago.