From the Winter 2024 Issue

,

It’s Time for Intelligence Teams to Recommend Operational Changes

Author(s):

A.J. Nash, Vice President of Intelligence, ZeroFOX

AJ Nash winter 2022

Increased Focus on Configuration Management and Crown Jewels is Vital to Success Many experts​​ in cybersecurity talk about the need for “intelligence-driven security,” but most consumers don’t know what to do with the Intelligence they are paying for​ or how to measure the value of the actions taken as a result of that Intelligence. This may be somewhat expected for … Read more

From the Winter 2024 Issue

,

What is Cyber Leadership?

Author(s):

Diane M Janosek, PhD, Esq, CISSP, CEO, JANOS LLC

What is Cyber Leadership?

The Case Study of the 2021 Hacking of a Florida Water Treatment Plant We often hear “cyber” and often hear “leadership”. So, what is “cyber leadership” and how is it any different than leading any other senior position in business? First, let us define cyber as a noun with both tangible and intangible aspects.  Cyber … Read more

From the Winter 2024 Issue

,

Avoiding Phantom Risk – Chasing Exploitability, Not Vulnerability

Author(s):

Alex Haynes, CISO , IBS Software

exploitability

The gravest warning a pen test report could contain are the words “The host may be vulnerable to remote code execution”.  It is hard to know what that immediately means. Did they get system access on a host? Nope. Was there a public exploit available for that version of software that enabled remote code execution? … Read more

From the Winter 2024 Issue

,

QKD versus PQC: A Quantum Showdown? Part 2

Author(s):

Hilary MacMillan, EVP for Engineering, CyLogic

QKD versus RQC

This is part two of a two-part article on secure key distribution in a post-quantum world.  Part one focused on Quantum Key Distribution (QKD) as a method to securely distribute encryption keys.  This article will focus on Post-Quantum Cryptography (PQC), which seeks new quantum-resistant (i.e., hypothesized, but can’t be proven, to be secure against) cryptographic … Read more

From the Winter 2024 Issue

,

QKD versus PQC: A Quantum Showdown? Part 1

Author(s):

Hilary MacMillan, EVP for Engineering, CyLogic

HilaryMacMilan-feature-wn19

The need for communications confidentiality has existed since humans developed language. Accounts of the Greco-Persian wars in fifth century B.C. described steganography, (hiding the existence of a message). Cryptography, on the other hand, hides a message’s meaning. The cryptographic task of encryption enables a sender to “scramble” a message’s content, rendering it unreadable to anyone … Read more

From the Winter 2024 Issue

,

Information Integrity and National Identity

Author(s):

Adam Firestone, Editor-in-Chief , United States Cybersecurity Magazine

History defines who we are and informs how Americans chart the nation’s future. It underpins representative government. Increasingly, historical records and documents are being converted to digital formats. This promises to make essential information available to more Americans than before. There are also troubling implications. It takes only a cursory examination of recent events to … Read more

From the Winter 2024 Issue

Navigating the Cybersecurity Landscape: College Students and the Role of Professors in Preparation

Author(s):

Rafael Hocker, Graduate Student, Oklahoma State University

Cybersecurity has become a critical facet of our lives in the digital age and is often described as the fifth dimension of warfare (Land, Sea, Air, Space, and now, Cyberspace). A recent Forbes article, published on December 5, 2023, delves into the multifaceted world of cybersecurity, urging college students to recognize its significance and advocating … Read more

From the Winter 2024 Issue

How to Separate the Good SOCs from the Bad

Author(s):

Julia Girardi, Senior Consultant, CyberCX

How to Separate the Good SOCs from the Bad

Security Operations Centers (SOCs) typically provided by Managed Security Services Providers (MSSP) can be a valuable asset to help protect a company against cyber threats and to help them to operate securely. With so many providers in the marketplace and many organizations having adopted an outsourced SOC arrangement, how can your organization tell if its … Read more

From the Winter 2024 Issue

How is Generative AI a Bigger Security Concern Than a Benefit?

Author(s):

Shigraf Aijaz, Cybersecurity Writer and Journalist,

Generative AI Security Concern

The rapid rise and development of generative AI, such as ChatGPT, Google Bard, or even Microsoft Bing, has revolutionized how we interact and view AI. These LLM chatbots have significantly made lives more manageable, providing every individual and business with a fast and improved method to execute repetitive tasks. However, despite all their benefits, these … Read more

From the Winter 2024 Issue

Cyber McCarthyism – The Third Red Scare

Author(s):

Chris Pogue, Director, Digital Forensics and Incident Response, CyberCX

Cyber McCarthyism

McCarthyism, also known as the Second Red Scare, refers to the political repression and persecution of various politicians, government employees and military personnel, in an attempt to spread the fear of alleged communist and Soviet influence on American institutions and of Soviet espionage in the United States during the late 1940s through the 1950s.  After the mid-1950s, Senator Joseph McCarthy, who had … Read more