From the Winter 2018 Issue

Blockchain: The Good, The Bad and The Ugly

Author(s):

Kris Martel, EVP of Operations, Chief Information Security Officer, Emagine IT

Ask an average person if they know what blockchain is and you’ll likely get a deer-in-the-headlights look. Ask the same person if they know about Bitcoin and their eyes light up. Cryptocurrencies, like Bitcoin, are the most widely recognized technologies leveraging blockchain today. Cryptocurrency markets dominate the media and many want to invest in them … Read more

From the Winter 2018 Issue

The Cybersecurity Technical Workforce: Clarity Needed

Author(s):

Chad Carroll, Chief Strategy Officer, Chiron Technology Services, Inc.

When the United States Government published the Comprehensive National Cybersecurity Initiative in 2008, cyber education was identified as a critical area of improvement. By 2010, the National Initiative for Cybersecurity Education (NICE) was created. The NICE Team identified four distinct components of the cybersecurity education mission: Awareness, Formal Education (K-20), Workforce Structure (HR Framework), and Professional … Read more

From the Fall 2017 Issue

WHAT THE HASH? Data Integrity and Authenticity in American Jurisprudence

Author(s):

Hilary MacMillan, EVP for Engineering, CyLogic

Legal battles over compulsory data decryption are making headlines. The publicity will likely continue as encryption technology proliferates in both consumer and enterprise markets. The arguments on both sides of this issue merit careful consideration and discourse before any comprehensive policy decision is made or legal precedent is set. One side argues that alternate decryption … Read more

From the Fall 2017 Issue

Security by Design

Author(s):

Jeff Spivey, CRISC, CPP, PSP, Ret. CEO, Security Risk Management, Inc.

A holistic “life cycle” perspective is to prioritize security risk levels of security for the proper governance and management of all security. The future is already here — It’s just not evenly distributed yet.  William Gibson, Neuromancer The complexity of protecting our personal and organizational value is increasingly difficult to navigate.  Similarly, threats come from … Read more

From the Fall 2017 Issue

You Build It, You Secure It

Author(s):

Barbara Bouldin, Director of Technologies Research, SJ Technologies

John Willis, Senior Director, Global Transformations Office, Red Hat

Leading to DevOps In 2006 Werner Vogels, Amazon’s CTO, said in an interview with the Association for Computing Machinery (ACM) that developers at Amazon don’t throw software over the wall. His famous quote was “You build it, you run it”. This simple phrase became a battle cry for the DevOps movement.1 In 2017, the process … Read more

From the Summer 2017 Issue

A Case for Collaboration

Author(s):

Chris Castaldo, Senior Director of Information Security, 2U

In my many years of working in cybersecurity, I’ve found the only thing that can truly secure an organization is collaboration. The most important part of “people, process, technology” is the people. No one in their right mind would tell you it’s possible to prevent 100% of breaches — but, through powerful internal and external … Read more

From the Summer 2017 Issue

Web Application Security: Integration or Extinction

Author(s):

Helen Korobko, Vice President of Technology Solutions, Svitla Systems

Web applications have become a primary vulnerability for modern business  Today, almost every enterprise produces, leverages, transacts business or depends upon web or Cloud enabled software. As a result, web applications have become the number one target for malicious attacks. According to Gartner, 80% of attacks target web applications.1 Often, these attacks exploited easily mitigated … Read more

From the Summer 2017 Issue

REVOLUTION and EVOLUTION: Fully Homomorphic Encryption

Author(s):

David W. Archer, PhD, Principal Scientist, Niobium Microsystems and Galois, Inc.

More and more computation is being outsourced to public clouds. Cloud computers can be just as vulnerable as any other computer, putting the privacy of sensitive data at risk. As nation-state cyber weapons become increasingly available to amateur and low-level professional cyber criminals, the external threats against those cloud-based systems continue to grow. In addition, … Read more

From the Spring 2017 Issue

The Differences Between Data, Information, and Intelligence

Author(s):

A.J. Nash, Vice President of Intelligence, ZeroFOX

Perhaps the most difficult part of the transition from public to private sector for cyber professionals coming out of the US intelligence community (IC) is one of language. Conversations regularly take place in industry settings where the first challenge is ensuring that everyone is speaking the same language. In the IC there are a few … Read more