From the Winter 2020 Issue

Threat Modeling: Methodologies, Myths, and Missing Perspectives

Author(s):

Hilary MacMillan, EVP for Engineering, CyLogic

On April 10, 2014, citizens of Ghaziabad, a city near Delhi, India, cast their ballots for parliamentary elections using electronic voting machines. The machines – and the votes they held – had to be stored in a secure location for a month, until vote counting was set to begin. When planning, election officials accounted for …

From the Spring 2019 Issue

Female Veterans–Ready to Fill Cybersecurity Jobs!

Author(s):

Dr. Amelia Estwick, Program Director, National Cybersecurity Institute at Excelsior College

Current State of the Cybersecurity Industry

Our nation’s robust cybersecurity industry will grow from $75 billion in 2015 to $170 billion by 2020¹. Additionally, the United States White House Administration’s 2019 budget has allocated approximately $15 billion in spending to fund critical initiatives and research in the cybersecurity space, up from $14.4 billion in 2018 …

From the Fall 2018 Issue

40% Of Breaches are Related to Credit Card Data: Is Payment Software Secure?

Author(s):

Kelvin O. Medina, Principal Security Consultant, Trustwave

Forty percent of the data breaches for 2017 were reported as involving credit card data, according to the 2018 Trustwave Global Security Report.¹ The data breaches analyzed used attacks such as phishing/social engineering, malicious insiders, and misconfigurations. This is illustrated below in Figure 1: Methods of Compromise². Those numbers likely do not include hundreds of …

From the Fall 2018 Issue

The Paradox of Infosec and the Dropping of a Socket

Author(s):

Gina Yacone, Director of Sales, Braintrace

On Sept. 19, 1980, near the small town of Damascus, Arkansas, someone dropped a socket, and it caused a breach. In terms of breaches, it was nuclear! Paradoxical as it may seem, the story of the 1980 Damascus Titan II explosion showcases how a simple error parallels that of a significant breach of a company’s …

From the Fall 2018 Issue

Modern Data Security: Worse Than You Think

Author(s):

Dr. Edward Amoroso, CEO, TAG Cyber

Imagine that under some bizarre set of circumstances, a local high school football team is forced to compete against the New England Patriots. Imagine further that the victory stakes for these teenagers are enormous, perhaps even life or death. Let’s complete this nightmare situation with an understanding that the NFL team will not let up …

From the Summer 2018 Issue

Tell it to the Marines: Leadership Principles and Network Security

Author(s):

Henry J. Sienkiewicz, Faculty, Georgetown University

Tom Costello, Network & Systems Technician, XR Trading LLC

It’s after-hours on a Friday. You are talking a remote employee through installing a next-generation firewall. No traffic is passing through the network and now you’re stuck on the project until it’s fixed. Weekend off-hours maintenance windows in the name of improving cybersecurity posture can be some of the most high-stress, high-risk, low-morale projects undertaken …

From the Summer 2018 Issue

Tackling the Gorilla: The C-Suite’s Role in Cyber Risk

Author(s):

R. “Montana” Williams, Founder and Managing Partner, Titan Rain Cybersecurity, LLC

Over the last five years, cyber risk management has become one of the top five organizational challenges facing organizations in all sectors, globally.¹ Advances in information and computing technology have outpaced the capabilities of enterprise security protections. Understanding cyber risks is critical to the survival of enterprises in a globally linked marketplace. To tackle the …

From the Summer 2018 Issue

Cybersecurity Compliance: Defending Your Small Business

Author(s):

Joy Galliford, Vice President of Cyber Programs, Joy Galliford

We see it in the news almost daily — malicious cyber activity, security breaches, and privacy violations. But that only impacts large enterprises like Target, Citibank, and Facebook, right? Wrong. In an ever-evolving digital world, small businesses have their own set of cybersecurity responsibilities that must be met in order to do business. This is …

From the Spring 2018 Issue

NotPetya Holds Up a Stop Sign for FedEx

Author(s):

Barbara Bouldin, Director of Technologies Research, SJ Technologies

What Happened

On June 27, 2017, the NotPetya malware hit Ukraine, targeting Kyivenergo, an electric power supplier to Kiev. NotPetya went on to hit a shipping company, Maersk, a pharmaceutical company, Merck, and a delivery and distribution company, TNT Express, a subsidiary of FedEx. Employees in the TNT Express offices faced displays of a …

From the Spring 2018 Issue

Crowdsourced Security – An Alternative to Pentesting?

Author(s):

Alex Haynes, CISO, IBS Software

Crowdsourced security programs have grown in popularity to the point where some enterprises have dispensed with traditional pentesting, using the crowdsourced model exclusively for auditing the security of their applications and infrastructure.

What is Crowdsourced Security?

Crowdsourced security methodologies invite a group of people (a crowd) to test an asset for vulnerabilities. The number of …