From the Spring 2018 Issue

Shifting Left: Secure Systems Engineering

Author(s):

Hilary MacMillan, Vice President, Solutions Architecture, Secure Channels, Inc.

The Shift Left principle is well known in software and systems development, particularly in relation to testing. It’s the idea of performing test activities earlier in the system development life cycle – developing test cases and procedures and performing incremental testing as code is being written. Ideally, test activities start even earlier than this, designing … Read more

From the Spring 2018 Issue

Crowdsourced Security – An Alternative to Pentesting?

Author(s):

Alex Haynes, Information Security Manager, Cheshire Data Systems Ltd.

Crowdsourced security programs have grown in popularity to the point where some enterprises have dispensed with traditional pentesting, using the crowdsourced model exclusively for auditing the security of their applications and infrastructure. What is Crowdsourced Security? Crowdsourced security methodologies invite a group of people (a crowd) to test an asset for vulnerabilities. The number of … Read more

From the Spring 2018 Issue

Architectural Security, the Ardennes, and Alfred the Great

Author(s):

Dr. David Archer, PhD, Principal Research Scientist, Galois, Inc.

Much of cyber defense today relies on the same approach used in kinetic defense over the last few thousand years. We use hard perimeters (firewalls) to repel attacks, sentries (IDSs) to trigger incident response, and carefully guarded entry points (VPNs, websites) to meet functional requirements (wait…security is still a non-functional requirement?). It is both a … Read more

From the Spring 2018 Issue

A (Very) Brief History of Pre-Computer Cryptography, Part 2

Author(s):

Adam Firestone, Editor-in-Chief, United States Cybersecurity Magazine

This is the second part of a two-part article exploring the history of pre-computer cryptography. Part 1 focused on the period from the birth of cryptography some 4,000 years ago to the development of early transposition and substitution ciphers. Part 2 looks at the emergence of cryptanalysis under the Abbasid Caliphate and goes through the … Read more

From the Winter 2018 Issue

Managing Cyber Risk for American Aviation

Author(s):

Dr. Scott Smurthwaite, PhD, Information System Security Engineer, Federal Aviation Administration

Subba Rao Pasala, System Administrator, Federal Aviation Administration

Thomas Beatty, Program Manager, Federal Aviation Administration

Chinese Hackers By 2010, it was clear that a persistent threat had infiltrated American public and private sector networks and was stealing sensitive data.  In January of that year, Google stopped offering its search engine in China, citing theft of proprietary code and onerous Chinese censorship.  Google also stated that it, along with more than … Read more

From the Winter 2018 Issue

Trustworthy IoT: Just Another Block in the Chain

Author(s):

Hilary MacMillan, Vice President, Solutions Architecture, Secure Channels, Inc.

Ah, the Internet.  It’s impossible to imagine life without it.  The ability to connect and interact has fundamentally changed and continues to change society.  We can exchange information and assets around the world nearly instantaneously.  We can see and examine physical objects and environments from afar.  We can exert control and monitor actions from opposite … Read more

From the Winter 2018 Issue

Blockchain: The Good, The Bad and The Ugly

Author(s):

Kris Martel, EVP of Operations, Chief Information Security Officer, Emagine IT

Ask an average person if they know what blockchain is and you’ll likely get a deer-in-the-headlights look. Ask the same person if they know about Bitcoin and their eyes light up. Cryptocurrencies, like Bitcoin, are the most widely recognized technologies leveraging blockchain today. Cryptocurrency markets dominate the media and many want to invest in them … Read more

From the Fall 2017 Issue

Q&A Interview with Zane Lackey of Signal Sciences

Author(s):

Adam Firestone, Editor-in-Chief, United States Cybersecurity Magazine

Signal Sciences develops a web protection platform that provides comprehensive threat protection and security visibility for web applications, microservices, and APIs on any platform. To answer some pertinent questions for our readers about emerging trends in security and DevOps, United States Cybersecurity Magazine conducted a Question & Answer interview with Zane Lackey, Signal Sciences’ co-founder … Read more

From the Fall 2017 Issue

Your Web Applications are Under Attack: Are You Ready?

Author(s):

James E Lee, Executive Vice President & CMO, Waratek

John M. Holt, Founder & CTO, Waratek

On a day in June, the year 2017 became another year for the record books – six months early. According to the non-profit Identity Theft Resource Center (ITRC), publicly reported data breaches exceed ’s record pace by as much as 80 percent in sectors such as Financial Services. As of September 1st, only the Government/Military category was behind … Read more

From the Fall 2017 Issue

Cybersecurity Morbidity and Mortality Conferences

Author(s):

Chris Castaldo, Senior Director of Information Security, 2U

Current cybersecurity paradigms are not adequately supporting the global information technology community. Billions of sensitive records are compromised each year, data is held for ransom and people’s lives are put at risk. Despite numerous well-publicized failures, 2017 has been a banner year as measured by the volume of venture capitalist funding for cybersecurity startups. It’s … Read more