From the Spring 2018 Issue

Crowdsourced Security – An Alternative to Pentesting?

Author(s):

Alex Haynes, CISO, IBS Software

Crowdsourced security programs have grown in popularity to the point where some enterprises have dispensed with traditional pentesting, using the crowdsourced model exclusively for auditing the security of their applications and infrastructure. What is Crowdsourced Security? Crowdsourced security methodologies invite a group of people (a crowd) to test an asset for vulnerabilities. The number of …

Architectural Security, the Ardennes, and Alfred the Great

Author(s):

David W. Archer, PhD, Principal Scientist, Niobium Microsystems and Galois, Inc.

Much of cyber defense today relies on the same approach used in kinetic defense over the last few thousand years. We use hard perimeters (firewalls) to repel attacks, sentries (IDSs) to trigger incident response, and carefully guarded entry points (VPNs, websites) to meet functional requirements (wait…security is still a non-functional requirement?). It is both a …

A (Very) Brief History of Pre-Computer Cryptography, Part 2

Author(s):

Adam Firestone, Editor-in-Chief, United States Cybersecurity Magazine

This is the second part of a two-part article exploring the history of pre-computer cryptography. Part 1 focused on the period from the birth of cryptography some 4,000 years ago to the development of early transposition and substitution ciphers. Part 2 looks at the emergence of cryptanalysis under the Abbasid Caliphate and goes through the …

Aberdeen Proving Ground Speaks on Cybersecurity

Author(s):

Caleb Townsend, Staff Writer, United States Cybersecurity Magazine

The trust put into any network is reliant on three main components: reliable hardware, strong software, and capable, aware people. Network trust, whether implicit or direct, is important for holding the fabric of any infrastructure together, especially during periods of distress or danger. The significant need for network trust especially applies to the cyber-realm, …

Cybersecurity Workforce Development: A Regional Model for the Nation

Author(s):

Kevin Nolten, Director of Academic Outreach, CYBER.ORG

To build the cyber-educated workforce capable of supporting the needs of government, industry and academia, communities across the country are adapting to the evolving economic and technological landscape. Louisiana, for example, has seen its economic base transform from one that was historically focused on oil and gas, agriculture and gaming, to a diversified 21st century …

Better than (Project) Zero: A Cybersecurity ROI Roadmap

Author(s):

Chris Castaldo, Senior Director of Information Security, 2U

Since 2014 the mission of Google’s Project Zero has been to make the Internet a more secure place through the discovery and responsible publishing of vulnerabilities. While Google works with vendors to ensure a patch is available before details of a vulnerability are released, nothing is actually made more secure until that patch is applied …

A Disciplined Approach to Cybersecurity Program Management

Author(s):

Brian Hubbard, Director of Commercial Strategic Business and Cybersecurity Solutions, Edwards Performance Solutions

In many organizations, the Chief Information Security Officer (CISO) and their team understand the need for a strategic approach to managing an enterprise information security program. However, continual tactical “fire drills” rarely allow time to be dedicated to strategic objectives. Given typical CISO resource constraints, efficient and effective operations are critical to success. Running a …

Cybersecurity Impacts of the EU GDPR

Author(s):

Henry J. Sienkiewicz, Faculty, Georgetown University

Cybersecurity Considerations Around General Data Protection Regulation (GDPR) Data breaches and cyber-attacks have become commonplace. Every organization, regardless of the type of business or size, is a target. Safeguarding data (and it is data that is the ultimate target) is the challenge, a challenge that spans technical, military, political, and law enforcement concerns within a …

from the {EDITOR-IN-CHIEF}

Author(s):

Adam Firestone, Editor-in-Chief, United States Cybersecurity Magazine

Hello, If you haven’t seen the Beatles’ 1968 animated masterpiece Yellow Submarine, you’re missing out on one of the great treasures of 20th-century cinema. There’s a scene in which Ringo and George are discussing George’s driving off in what Ringo says is his car: Ringo: Hey, that’s my car, lad. George: How do you know …