From the Spring 2021 Issue

Safety Or Simplicity? The Costs Of Convenience In Our Connected Life

Author(s):

Justin Petitt, Director of Cybersecurity, Systems Engineering Solutions Corporation

Larry Letow, Executive Vice President, Myriddian LLC, Operating Partner, Interprise Partners

Modern technology advancements are placing consumers into uncharted territory, granting limitless access to the internet and its benefits in varied and unique ways. From Smart Homes that automate key tasks, to the continued evolution of internet technologies that make activities such as banking, shopping, and connecting with peers easier, there has never been a more …

From the Spring 2021 Issue

Human Security Engineering: A New Model for Addressing the “User Problem”

Author(s):

Ira Winkler, CISSP, CISO, Author, Skyline Technology Solutions

Despite best efforts, the cybersecurity professional has yet to be able to adequately handle what people refer to as “The User Problem”. A user will inevitably click on a phishing link. A user will inevitably fall prey to a social engineer. A user will click on a malicious web link. A user will accidentally email …

From the Spring 2021 Issue

Radio Frequency Operations and Training From a Virtually Different Point of View

Author(s):

Rick Mellendick, Chief Security Officer, Process Improvement Achievers, LLC

Radio Frequency (RF) security, sometimes called wireless security, is much more than just WiFi. Over the past few years, there has been rapid growth in WiFi training courses, but very few that specialize in RF defensive and operational preparation. The usable RF spectrum for data exfiltration is typically from around 10 MHz through nearly 12 GHz, …

From the Winter 2021 Issue

DevOps Automated Governance

Author(s):

John Willis, Senior Director, Global Transformations Office, Red Hat

In the Spring of 2019, several organizations worked together to create a forum paper called DevOps Automated Governance.[1] The paper intended to create a reference architecture around Governance, Risk, and Compliance (GRC) and an automated process while simultaneously building off of some of the successful DevOps software delivery patterns (e.g., CI/CD, pipelines, software supply chains). …

From the Winter 2021 Issue

Zero-Knowledge Proofs, D-Day, and the Promise of Trustable Software

Author(s):

David W. Archer, PhD, Principal Scientist, Galois, Inc.

An old proverb tells us, “You know nothing until another knows you know it.” Sometimes, though, you don’t want that someone to know sensitive details – just the “fact of.” For example, take April 1942. In two months’, Operation Overlord would invade Germany’s “Fortress Europe.” The Allies’ deception operation, Fortitude South – following a strategy …

From the Fall 2019 Issue

Avoiding Phantom Risk – Chasing Exploitability, Not Vulnerability

Author(s):

Alex Haynes, CISO, Cheshire Datasystems Ltd.

The gravest warning a pen test report could contain is the words “The host may be vulnerable to remote code execution”. It is hard to know what that immediately means. Did they get system access on a host? Nope. Was there a public exploit available for that version of software that enabled remote code execution? …

From the Spring 2019 Issue

An Information Security Triality: Balancing Security, Surveillance, and Convenience

Author(s):

Adam Firestone, Editor-in-Chief, United States Cybersecurity Magazine

Information security cultural iconography focuses on heroic and demonic archetypes, resulting in a pageant of evocative, emotional imagery that influences reportage, regulation, acquisition, enterprise governance, and the choices made by individuals with respect to their digital personae. The angels (in the epic struggle in the wires between good and evil) are the network defenders. They …

From the Spring 2019 Issue

The Role of Voice Authentication in Cybersecurity

Author(s):

Justin Petitt, Director of Cybersecurity, Systems Engineering Solutions Corporation

Larry Letow, Executive Vice President, Myriddian LLC, Operating Partner, Interprise Partners

Everyone loves to talk about the future of cybersecurity. However, most do not realize that in doing so, they’re using one of the most secure tools available to facilitate that conversation, the human voice. The voice connects us person-to-person, and when used as a component in enterprise, can securely connect us to our data around …

From the Spring 2019 Issue

QKD versus PQC: A Quantum Showdown? Part 2

Author(s):

Hilary MacMillan, Vice President, Solutions Architecture, Secure Channels, Inc.

This is part two of a two-part article on secure key distribution in a post-quantum world. Part one focused on Quantum Key Distribution (QKD) as a method to securely distribute encryption keys. This article will focus on Post-Quantum Cryptography (PQC), which seeks new quantum-resistant (i.e., hypothesized, but not proven, to be secure against quantum attack) cryptographic …