Greetings, Welcome to the Winter 2021 issue of the United States Cybersecurity Magazine! As always, we’d like to take a moment to thank our supporters, members, sponsors, contributors and everyone else who makes the magazine possible. All of us here at the United States Cybersecurity Magazine remain committed to bringing you, our readers, the best … Read more
Hello, Tell me the truth. Am I the only one, who, upon learning about the Solar Winds breach, was humming a Whitesnake song from 1982? As the song says: Here I go again on my own Goin’ down the only road I’ve ever known While the jury’s still out on whether I’m a drifter, if … Read more
Hard Truths Members of the cybersecurity industry need to face a few hard truths: The perimeter as we know it is rapidly dissolving. Your data must now traverse known and unknown (i.e., untrusted) infrastructure and operate on devices no longer considered “corporate”. Identity is the new perimeter – no longer constrained by static routing tables … Read more
To stay competitive in the new “Age of Agile”, many DevOps teams are pushing new code releases more frequently than ever before. In fact, according to Statista, 27% of organizations release software on a daily basis and 24% release software weekly. The problem, however, is that in these scenarios, security, particularly pentesting, ceases to fit into … Read more
The concept of ransomware is not new – not even for this century. Rather, it’s an old crime that has evolved with the advent of the computer age and the need to conduct business online. Ransom crimes (i.e. holding something of value hostage) have been around for thousands of years. But now, with the introduction … Read more
As the world continues to struggle with the COVID-19 pandemic, the emergence of telehealth as a primary method of healthcare has revealed that there are vulnerabilities of telehealth systems. This new development has turned the spotlight on patient health data, highlighting them as a target for hackers. Hospitals, research institutions, and pharmaceutical companies continue to … Read more
Real-time data, not more tools, critical to reduce risk and make better cyber decisions The job of the Chief Information Security Officer (CISO) has become much more complex over the last decade. With every advance in technology, the amount of risk facing most organizations has also increased. CISOs – as well as Chief Risk Officers … Read more
Successfully predicting, preventing, detecting, responding, and recovering from cyber-attacks requires you to have in-depth knowledge of the attacker, their tactics, and their techniques. While most organizations operate with some level of threat intel, some still haven’t embraced automation as a way to operationalize intel for the validation of TTPs and IOCs against their security tools, … Read more
In the Spring of 2019, several organizations worked together to create a forum paper called DevOps Automated Governance.[1] The paper intended to create a reference architecture around Governance, Risk, and Compliance (GRC) and an automated process while simultaneously building off of some of the successful DevOps software delivery patterns (e,g, CI/CD, Pipelines, Software Supply Chains). … Read more
Infrastructure is everything you don’t think about. The roads you drive on. The rigs and refineries that turn fossil fuel into the gas that makes your car go. The electricity that power the streetlights and lamps that guide your way. All these technologies that vanish into the oblivians of normalcy.” Ian Bogost, The Atlantic[1] From … Read more
