From the Winter 2018 Issue

The Cybersecurity Technical Workforce: Clarity Needed

Author(s):

Chad Carroll, Chief Strategy Officer, Chiron Technology Services, Inc.


When the United States Government published the Comprehensive National Cybersecurity Initiative in 2008, cyber education was identified as a critical area of improvement. By 2010, the National Initiative for Cybersecurity Education (NICE) was created. The NICE Team identified four distinct components of the cybersecurity education mission: Awareness, Formal Education (K-20), Workforce Structure (HR Framework), and Professional … Read more

From the Fall 2017 Issue

WHAT THE HASH? Data Integrity and Authenticity in American Jurisprudence

Author(s):

Hilary MacMillan, EVP for Engineering, CyLogic

Legal battles over compulsory data decryption are making headlines. The publicity will likely continue as encryption technology proliferates in both consumer and enterprise markets. The arguments on both sides of this issue merit careful consideration and discourse before any comprehensive policy decision is made or legal precedent is set. One side argues that alternate decryption … Read more

From the Fall 2017 Issue

Security by Design

Author(s):

Jeff Spivey, CRISC, CPP, PSP, Ret. CEO, Security Risk Management, Inc.

A holistic “life cycle” perspective is to prioritize security risk levels of security for the proper governance and management of all security.

“The future is already here — It’s just not evenly distributed yet.” William Gibson, Neuromancer

The complexity of protecting our personal and organizational value is increasingly difficult to navigate. Similarly, threats come from … Read more

From the Fall 2017 Issue

You Build It, You Secure It

Author(s):

Barbara Bouldin, Director of Technologies Research, SJ Technologies

John Willis, Senior Director, Global Transformations Office, Red Hat

Leading to DevOps

In 2006 Werner Vogels, Amazon’s CTO, said in an interview with the Association for Computing Machinery (ACM) that developers at Amazon don’t throw software over the wall. His famous quote was “You build it, you run it”. This simple phrase became a battle cry for the DevOps movement.1 In 2017, the process … Read more

From the Summer 2017 Issue

A Case for Collaboration

Author(s):

Chris Castaldo, Senior Director of Information Security, 2U

In my many years of working in cybersecurity, I’ve found the only thing that can truly secure an organization is collaboration. The most important part of “people, process, technology” is the people. No one in their right mind would tell you it’s possible to prevent 100% of breaches — but, through powerful internal and external … Read more

From the Summer 2017 Issue

Web Application Security: Integration or Extinction

Author(s):

Helen Korobko, Vice President of Technology Solutions, Svitla Systems

Web applications have become a primary vulnerability for modern business

Today, almost every enterprise produces, leverages, transacts business or depends upon web or Cloud enabled software. As a result, web applications have become the number one target for malicious attacks. According to Gartner, 80% of attacks target web applications.1 Often, these attacks exploited easily mitigated … Read more

From the Summer 2017 Issue

REVOLUTION and EVOLUTION: Fully Homomorphic Encryption

Author(s):

David W. Archer, PhD, Principal Scientist, Niobium Microsystems and Galois, Inc.

More and more computation is being outsourced to public clouds. Cloud computers can be just as vulnerable as any other computer, putting the privacy of sensitive data at risk. As nation-state cyber weapons become increasingly available to amateur and low-level professional cyber criminals, the external threats against those cloud-based systems continue to grow. In addition, … Read more

From the Spring 2017 Issue

The Differences Between Data, Information, and Intelligence

Author(s):

A.J. Nash, Vice President of Intelligence, ZeroFOX

Perhaps the most difficult part of the transition from public to private sector for cyber professionals coming out of the US intelligence community (IC) is one of language. Conversations regularly take place in industry settings where the first challenge is ensuring that everyone is speaking the same language. In the IC there are a few … Read more

From the Spring 2017 Issue

Security Through Inclusion

Author(s):

Gary Merry, CEO, Deep Run Security Services, LLC

Larry Letow, CEO, U.S., CyberCX

It’s not the number of people in your security department, but the number of departments into security, that will make you secure. Creating a secure business is not about replacing part of your business with security functions, it’s about integrating security into business operations, as with any other business function. It’s certainly not about believing … Read more

From the Spring 2017 Issue

INDEPENDENCE & OBJECTIVITY: Fundamental Best Practices for Cybersecurity Assessments

Author(s):

Henry J. Sienkiewicz, Faculty, Former CIO, DISA, Georgetown and George Washington Universities

Cyber professionals generally know one thing – the cyber environment is constantly shifting. New business requirements, end-user needs and technologies change. New devices and applications create or remove vulnerabilities on a daily basis. Attackers respond and adapt as they seek to find exploitable weaknesses within the environment in order to reach an organization’s data. As … Read more