From the Fall 2021 Issue

Why We Haven’t Solved the Problem of Too Many Software Bugs

Author(s):

James Everett Lee, Chief Operating Officer, The Identity Theft Resource Center

If you needed a microcosm of the challenges currently facing the cybersecurity world, three events in the summer of 2021 summed it up well: Oracle and Microsoft (and others) issued patch updates to fix the usual number of CVEs. Gartner predicted a record level of global cybersecurity investment this year. A group of application security …

From the Fall 2021 Issue

A Software Bill of Materials Is Critical for Comprehensive Risk Management

Author(s):

Dr. Georgianna Shea, Chief Technologist for Center on Cyber and Technology Innovation and TCIL, The Foundation for Defense of Democracies

Executive Summary

Very little software is entirely original. Software developers use existing, open-source, and commercially available software components to create new products. On average, 75 percent of a software product is open-source code, according to the 2021 Open-Source Security and Risk Analysis Report. This presents a cyber-risk management problem. The customer cannot effectively manage assets …

From the Fall 2021 Issue

Exploring the Differences Between Bug Hunters and Pentesters

Author(s):

Aditya Agrawal, Core Lead Pentester, Cobalt

In the following, we’ll talk about how to transition from a Bug Hunter to a Pentester. It’s important to note that this content is intended as an objective comparison informed by a real person’s experiences. These professions have individual pros and cons that add value to the security industry as a whole. It’s not uncommon to meet …

From the Fall 2021 Issue

Cyber Hedging: How Cybercriminals May Capitalize on a Decrease in Ransomware Payments by Short Selling Victim Companies

Author(s):

Christian George, Lead Engineer, Booz Allen Hamilton

As the country is still reeling from the onslaught of ransomware attacks throughout 2021, there have been a series of new developments relating to the Tactics, Techniques, and Procedures (TTPs) of the cybercriminal groups carrying out the attacks. While many of these new TTPs have been technology based, there has been one that is financially …

From the Fall 2021 Issue

Cultivating Greater Cyber ROI for Cyber Resilience

Author(s):

Michael A. Echols, CISSP, MBA, CEO, Max Cybersecurity LLC

Cyber malfeasance, what most people call “hacking”, has increased against critical services providers since the beginning of the COVID-19 pandemic. The insecurity of critical systems, and the victimization of the people who use them, is also growing rapidly. The continuous digital modernization push exacerbates the issue and is leaving system owners looking for new approaches to …

From the Fall 2021 Issue

Biden Orders Endpoint Detection and Response (EDR) Initiative

Author(s):

Dr. Scott Jasper, Senior Lecturer, Captain, U.S. Navy, Retired, Naval Postgraduate School

President Biden signed an Executive Order in May 2021 to improve the Nation’s cybersecurity. It states that the United States “faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector [and] the private sector.” The Executive Order was released only months after the SolarWinds supply chain campaign was revealed by the cybersecurity firm, …

From the Fall 2021 Issue

Wyoming Takes a Holistic Approach in Cybersecurity Standards for Businesses, Expanding Connections, and Creating Jobs

Author(s):

Evan Corcoran, Founder, Tracing Buffalo News

Cybersecurity is a growing concern for companies of all sizes, so the public, private and non-profit sectors in Wyoming are teaming up to defend against cyber-attacks. As the attacks on American infrastructure at Colonial Pipeline and the meat producer JBS demonstrate, such incidents have become common. Businesses are being forced to take a …

From the Fall 2021 Issue

Trade-Offs of Convenience: Social Logins, Password Managers and Other Single Points of Failure in User Authentication

Author(s):

Tina Gravel, SVP Global Channels and Alliances, Appgate

As every experienced CSO understands all too well, security is a continuous exercise in evaluating and balancing trade-offs between risk, cost, and user experience. This calculation becomes especially tricky when weighing how to properly authenticate a user against doing so without degrading their experience. If you …

From the Fall 2021 Issue

How to Manage Challenges of Cloud Migration and Microsoft Vulnerabilities

Author(s):

Chris Jordan, CEO, Fluency Security

As a leading provider of cloud and SaaS services, Microsoft clearly has a huge presence spanning nearly every industry and geography. However, many users are unaware of the additional services needed to protect cloud-based data. Since Microsoft offers many of its security services only as premium add-ons, there is a lack of clarity …

From the Fall 2021 Issue

The Cyber-Hygiene Mantra

Author(s):

Chuck Brooks, President, Brooks Consulting International

National Cybersecurity Awareness Month is a good time for everyone to review the importance of the basics of defending their data and devices from cyber-attackers. Cyber-hygiene is a starting point for building those fortifications. Back in 2017, Congress took up legislation (H.R. 3010) called the “Promoting Good Cyber Hygiene Act of 2017”. It was introduced to implore the …