From the Winter 2021 Issue

From the Publisher

Author(s):

Karen Austin, Publisher, United States Cybersecurity Magazine

Greetings, Welcome to the Winter 2021 issue of the United States Cybersecurity Magazine! As always, we’d like to take a moment to thank our supporters, members, sponsors, contributors and everyone else who makes the magazine possible. All of us here at the United States Cybersecurity Magazine remain committed to bringing you, our readers, the best …

From the Editor-in-Chief

Author(s):

Adam Firestone, Editor-in-Chief, United States Cybersecurity Magazine

Hello, Tell me the truth. Am I the only one, who, upon learning about the Solar Winds breach, was humming a Whitesnake song from 1982? As the song says: Here I go again on my own Goin’ down the only road I’ve ever known While the jury’s still out on whether I’m a drifter, if …

What’s Wrong with Our Industry? Business Survival and Network Security in Times of Crisis

Author(s):

Jack Koons, Author

Hard Truths Members of the cybersecurity industry need to face a few hard truths: The perimeter as we know it is rapidly dissolving. Your data must now traverse known and unknown (i.e., untrusted) infrastructure and operate on devices no longer considered “corporate”. Identity is the new perimeter – no longer constrained by static routing tables …

Learning to Speak DevSecOps: Aligning Pentesting to Development Workflows

Author(s):

Caroline Wong, Chief Strategy Officer, Cobalt.io

To stay competitive in the new “Age of Agile”, many DevOps teams are pushing new code releases more frequently than ever before. In fact, according to Statista, 27% of organizations release software on a daily basis and 24% release software weekly. The problem, however, is that in these scenarios, security, particularly pentesting, ceases to fit into …

Ransomware: The King of Evolution

Author(s):

Dr. Jason Edwards, Cybersecurity Strategy Principal, USAA

Griffin Weaver, Senior Legal Counsel, Dell Technologies

The concept of ransomware is not new – not even for this century. Rather, it’s an old crime that has evolved with the advent of the computer age and the need to conduct business online. Ransom crimes (i.e. holding something of value hostage) have been around for thousands of years. But now, with the introduction …

The Expanding Cyber Threat in Healthcare

Author(s):

Tyler Cohen Wood, CEO, MyConnectedHealth Inc.

As the world continues to struggle with the COVID-19 pandemic, the emergence of telehealth as a primary method of healthcare has revealed vulnerabilities in telehealth systems. This new development has turned the spotlight on patient health data, highlighting it as a target for hackers. Hospitals, research institutions, and pharmaceutical companies continue to …

Still Looking for Cyber Solutions for the Same Cyber Problems

Author(s):

Colby Proffitt, Cybersecurity Strategist, Netskope

Real-time data, not more tools, critical to reduce risk and make better cyber decisions

The job of the Chief Information Security Officer (CISO) has become much more complex over the last decade. With every advance in technology, the amount of risk facing most organizations has also increased. CISOs – as well as Chief Risk Officers …

Threat Intelligence-Led Cybersecurity

Author(s):

Brian Contos, VP & CISO, Mandiant Security Validation, Mandiant

Successfully predicting, preventing, detecting, responding, and recovering from cyber-attacks requires you to have in-depth knowledge of the attacker, their tactics, and their techniques. While most organizations operate with some level of threat intel, some still haven’t embraced automation as a way to operationalize intel for the validation of TTPs and IOCs against their security tools, …

DevOps Automated Governance

Author(s):

John Willis, Senior Director, Global Transformations Office, Red Hat

In the Spring of 2019, several organizations worked together to create a forum paper called DevOps Automated Governance.[1] The paper intended to create a reference architecture around Governance, Risk, and Compliance (GRC) and an automated process while simultaneously building off of some of the successful DevOps software delivery patterns (e.g., CI/CD, Pipelines, Software Supply Chains). …

Five Approaches and Tools For Organizations to Mitigate Their IoT/ICS Cyber Risks

Author(s):

Henry J. Sienkiewicz, Author

Sam Kendrick, Student – Technology Management Program, Georgetown University (Co-author)

“Infrastructure is everything you don’t think about. The roads you drive on. The rigs and refineries that turn fossil fuel into the gas that makes your car go. The electricity that powers the streetlights and lamps that guide your way. All these technologies that vanish into the oblivions of normalcy.” Ian Bogost, The Atlantic[1] From …