From the Winter 2021 Issue

DevOps Automated Governance

Author(s):

John Willis, Senior Director, Global Transformations Office, Red Hat

In the Spring of 2019, several organizations worked together to create a forum paper called DevOps Automated Governance.[1] The paper intended to create a reference architecture around Governance, Risk, and Compliance (GRC) and an automated process while simultaneously building off of some of the successful DevOps software delivery patterns (e.g., CI/CD, Pipelines, Software Supply Chains). …

From the Winter 2021 Issue

Zero-Knowledge Proofs, D-Day, and the Promise of Trustable Software

Author(s):

David W. Archer, PhD, Principal Scientist, Galois, Inc.

An old proverb tells us, “You know nothing until another knows you know it.” Sometimes, though, you don’t want that someone to know sensitive details – just the “fact of.” For example, take April 1942. In two months, Operation Overlord would invade Germany’s “Fortress Europe.” The Allies’ deception operation, Fortitude South – following a strategy …

From the Fall 2019 Issue

Avoiding Phantom Risk – Chasing Exploitability, Not Vulnerability

Author(s):

Alex Haynes, CISO, Cheshire Datasystems Ltd.

The gravest warning a pen test report could contain is the words “The host may be vulnerable to remote code execution”. It is hard to know what that immediately means. Did they get system access on a host? Nope. Was there a public exploit available for that version of software that enabled remote code execution? …

From the Spring 2019 Issue

An Information Security Triality: Balancing Security, Surveillance, and Convenience

Author(s):

Adam Firestone, Editor-in-Chief, United States Cybersecurity Magazine

Information security cultural iconography focuses on heroic and demonic archetypes, resulting in a pageant of evocative, emotional imagery that influences reportage, regulation, acquisition, enterprise governance, and the choices made by individuals with respect to their digital personae. The angels (in the epic struggle in the wires between good and evil) are the network defenders. They …

From the Spring 2019 Issue

The Role of Voice Authentication in Cybersecurity

Author(s):

Larry Letow, Executive Vice President, Myriddian LLC, Operating Partner, Interprise Partners

Justin Petitt, Director of Cybersecurity, Systems Engineering Solutions Corporation

Everyone loves to talk about the future of cybersecurity. However, most do not realize that in doing so, they’re using one of the most secure tools available to facilitate that conversation, the human voice. The voice connects us person-to-person, and when used as a component in enterprise, can securely connect us to our data around …

From the Spring 2019 Issue

QKD versus PQC: A Quantum Showdown? Part 2

Author(s):

Hilary MacMillan, Vice President, Solutions Architecture, Secure Channels, Inc.

This is part two of a two-part article on secure key distribution in a post-quantum world. Part one focused on Quantum Key Distribution (QKD) as a method to securely distribute encryption keys. This article will focus on Post-Quantum Cryptography (PQC), which seeks new quantum-resistant (i.e., hypothesized, but can’t be proven, to be secure against) cryptographic …

From the Spring 2019 Issue

Programmable Networking: Solving the Security Challenges facing SD-WAN

Author(s):

Edward J. Wood

Enterprises are moving their communications to the internet. Private networks are costly, inflexible, and do not easily enable the digital transformation of their businesses. However, over the last couple of years, we have seen a plethora of SD-WAN technologies come to market. Safe to say, SD-WAN adoption has accelerated. Unfortunately, SD-WAN has a number of …

From the Winter 2019 Issue

Free Isn’t Always Best – It should come with a Big Caution Sign

Author(s):

MG (Ret) Quantock, United States Army (Ret)

The free mapping in your phone is a powerful tool. And while it’s not designed to fire an artillery shell on a precision target, the app has all the basic features you need. So, why doesn’t the U.S. military ditch its expensive firing systems for free solutions? Because, while free products often have the features …

From the Winter 2019 Issue

Cybersecurity and Critical Infrastructure: A Growing Sense of Urgency – Part 1

Author(s):

Audie Hittle, Chief Innovation Officer, Mystek Systems, Inc.

This two-part article examines risks and implications related to securing American critical infrastructure. Part I examines the historical framework and the current state of critical infrastructure protection. Part II discusses ways threat responses can be improved. What happens if one day you awake and discover the power had gone off during the night? You may …