From the Summer 2021 Issue

Addressing Malicious Websites Through Human Security Engineering

Author(s):

Ira Winkler, CISSP, CISO, Author, Skyline Technology Solutions

In the Spring 2021 issue of the United States Cybersecurity Magazine, in “Human Security Engineering: A New Model for Addressing the ‘User Problem’,” I highlighted the strategy of Human Security Engineering to address the User Initiated Loss (UIL). To summarize briefly, UIL is the concept that a user does not actually create a loss, but may …

A (very) Brief Introduction to Open Source Intelligence (OSINT)

Author(s):

Nihad A. Hassan, Author, OSINT.link

Introduction

Open Source Intelligence (OSINT) is a collective term used to describe all techniques and tools used to harvest information from publicly available resources in a timely manner to support a specific intelligence requirement. There was no particular date when the term OSINT was first coined; however, the act of gathering intelligence from publicly available …

The Subtle Sabotage of Blame in Cybersecurity and Online Safety

Author(s):

Tim McGuinness, Ph.D., Director, SCARS - Society of Citizens Against Relationship Scams Inc.

We All Do It, We All Blame Someone for Something

Sometimes it is justified, sometimes there is cause, and it is very hard to remove it from your vocabulary – but it is always destructive. We recently heard a cybersecurity training professional tell a story about motivating a corporate team to do better with cybersecurity. …

Zero Trust: Is It All It’s Cracked Up To Be Or Is It Hype? Or A Bit of Both?

Author(s):

Tina Gravel, SVP Global Channels and Alliances, Appgate

Few enterprise security technologies have garnered as much attention and hype as Zero Trust over the past decade. Yet, despite all the buzz, there remains a great deal of confusion and uncertainty in the market – is Zero Trust a framework, a reference architecture, or an actual technology? Does the Zero Trust model match the …

So, You Want to be a Threat Hunter?

Author(s):

Ray Espinoza, CISO, Cobalt

The general goal of threat hunting is to actively identify attackers who have made it past an organization’s cyber-defenses so those infiltrators can be halted before significant damage is done. You can think of threat hunters almost like detectives, on a race against time to catch cybercriminals as quickly as possible. As you can imagine, …

New Executive Order Knocks Down Old Barriers

Author(s):

James Everett Lee, Chief Operating Officer, The Identity Theft Resource Center

Southwest Airlines (SWA), Flight 1380, was climbing through 32,000 feet on the morning of April 17, 2018. At approximately 11:03 am, fan blade No. 13 of the left engine shattered along a previously undetected stress fracture. A 12-inch section, weighing about 6.825 pounds and a two-inch section of a fan blade weighing .650 pounds, separated …

More Federal Cyber Tools Doesn’t Equal Better Security

Author(s):

Colby Proffitt, Cybersecurity Strategist, Netskope

Do you know how many security tools your agency has? A new survey finds nearly half of federal cybersecurity managers say their agency has between 11 and 25 security tools in their toolkit. But few are confident in their tools’ ability to provide real-time data, accurate data, and the right data to reduce risk. And …

Accelerating Critical Infrastructure Security in The Energy Sector

Author(s):

Chuck Brooks, President, Brooks Consulting International

Critical energy infrastructure has been under siege by threat actors. The May 7, 2021, cyberattack against Colonial Pipeline is illustrative of the growing impact of cyberthreats on the energy sector and the need to prioritize cyber-defenses. “Senators Maggie Hassan (D-N.H.) and Ben Sasse (R-Neb.) recently introduced legislation called The National Risk Management Act that is intended to protect …

Developing Gamification and E-sports for Space and Cybersecurity Skills Development

Author(s):

William J. "Bill" Britton, Vice President of Information Technology and Chief Information Officer, California Polytechnic State University

Danielle Borrelli, Operations Coordinator & Program Lead for the Trafficking Investigations Hub, California Cybersecurity Institute

Last year, the United States saw a record high number of cyber-attacks impacting businesses, government entities, and individuals. Sophisticated threat actors continue to produce and enhance attacks that cripple critical infrastructure, with SolarWinds being the latest example. According to IDG Research Services, 80% of senior IT and IT security leaders believe their organizations are not …

Chesapeake Science & Security Corridor Supports Army Readiness, Resilience Through Networked Defense Industry Base and CMMC Framework

Author(s):

Karen Holt, Deputy Director and Federal Installation Administrator, Harford County Government, MD

The Chesapeake Science and Security Corridor (CSSC)’s epicenter is Harford County, MD, home to Aberdeen Proving Ground (APG). Inside the gates of this 100+ tenant Department of Defense (DoD) Research, Development, Test & Evaluation (RDT&E) megabase are six Centers of Excellence including C5ISR, and the highest concentration of advanced degrees on a U.S. military installation. …