Author: Alex Haynes

Alex Haynes is an independent researcher with a background in offensive security. He is credited for discovering vulnerabilities in products by Microsoft, Adobe, Pinterest, Amazon Web Services and IBM. He is a former Top 10 ranked researcher on Bugcrowd and a member of the Synack Red Team. He is also a frequent contributor to InfoSec publications and speaks regularly at conferences on the topics of offensive security, vulnerability management and crowdsourced security. He is currently the CISO at IBS Software.

From the Fall 2024 Issue

Multi-Party Computation: A Double-Edged Sword for Cybersecurity

Author(s):

Alex Haynes, CISO , IBS Software

Multi-party Computation

In the digital age, data is king, driving decisions, shaping experiences, and demanding robust security. However, collaboration often necessitates sharing this valuable asset, raising privacy concerns. Multi-Party Computation (MPC), a cryptographic innovation, offers a solution. It empowers multiple parties to jointly analyze data while keeping their individual contributions confidential. Rooted in the foundational work of … Read more

From the Summer 2024 Issue

Increasingly, Companies Aren’t Allowed to Pay Ransoms, and This is a Good Thing

Author(s):

Alex Haynes, CISO , IBS Software

Ransom Payments

In the evolving landscape of cyber threats, the dilemma of whether or not to pay ransomware actors remains a contentious issue. As cybercriminals continue to leverage ransomware attacks to extort money from organizations, the responses from victims, cyber insurance companies, and government cyber emergency response teams (CERTs) have progressively shifted away from acquiescence to a … Read more

From the Spring 2024 Issue

The Case for Moving Beyond VPNs: Embracing Conditional Access

Author(s):

Alex Haynes, CISO , IBS Software

The Case for Moving Beyond VPNs: Embracing Conditional Access

In the ever-evolving landscape of cybersecurity, traditional tools, and approaches to securing remote access, such as Virtual Private Networks (VPNs), are increasingly seen as inadequate for the complex demands of modern enterprise environments. The shift towards a more dynamic, distributed workforce, along with the proliferation of cloud services and mobile computing, necessitates a re-evaluation of … Read more

From the Winter 2024 Issue

,

Avoiding Phantom Risk – Chasing Exploitability, Not Vulnerability

Author(s):

Alex Haynes, CISO , IBS Software

exploitability

The gravest warning a pen test report could contain are the words “The host may be vulnerable to remote code execution”.  It is hard to know what that immediately means. Did they get system access on a host? Nope. Was there a public exploit available for that version of software that enabled remote code execution? … Read more

From the Fall 2023 Issue

The Myth of Cyberwarfare – The Ukraine Example

Author(s):

Alex Haynes, CISO , IBS Software

The Myth of Cyberwarefare

Over a decade ago, the front page of ‘the economist’ once had a nuclear mushroom cloud with the caption ‘Cyberwar: the threat from the internet’. A dramatic way to encapsulate the vision of how we perceived the impact of such a threat. Since then the term ‘cyberwar’ is bandied around a lot without any real … Read more

From the Summer 2023 Issue

Making Sense of CNAPP

Author(s):

Alex Haynes, CISO , IBS Software

Making Sense of CNAPP

Cloud Native Application Protection Platforms (CNAPP) are a new category of security tools that are designed to protect cloud-native applications. CNAPPs are a combination of functionality that comprise Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP), and Cloud Infrastructure Entitlement Management (CIEM). More recently they’ve integrated SAST (Static Application Security Testing) for workloads … Read more

Other People’s Data Breaches: They Can Help You Too

Author(s):

Alex Haynes, CISO , IBS Software

Data Breaches

Over the past few years, numerous well-known brands and major corporations have been targeted by cyber-attacks resulting in the exposure of millions of customers’ personal and sensitive information, making data breaches an increasingly common occurrence. Although the immediate effects of these breaches can be severe for both affected individuals and companies, there is potential for … Read more

From the Winter 2023 Issue

Teaching Kids How to Hack

Author(s):

Alex Haynes, CISO , IBS Software

Teaching Kids How to Hack

Many industry professionals bemoan the lack of qualified candidates within information security and resource scarcity is a common issue for many companies. According to latest estimates and depending which numbers you follow, there is a potential shortfall of up to one million cybersecurity professionals globally and this is just getting worse. Granted, geo-political issues like … Read more

From the Fall 2022 Issue

Zero Trust is Not a Product

Author(s):

Alex Haynes, CISO , IBS Software

Zero Trust is Not a Product

Every year at the bevy of conferences that dot the Information Security landscape you can always detect an inherent theme. This may be influenced by acute threats (i.e., Ransomware), a new regulatory environment (i.e., GDPR) or even just a sudden change in how we work, as we all experienced during the pandemic. The issue Zero … Read more

From the Summer 2022 Issue

Ukraine is Winning the Cyberwar Against Russia

Author(s):

Alex Haynes, CISO , IBS Software

Ukraine is Winning - Alex Haynes

During the build-up to the illegal invasion of Ukraine in February of 2022, there was consternation among information security professionals about what would happen on the cyber front. The prevailing groupthink at the time was that if countries in the West imposed sanctions, then they would suddenly be subjected to blistering Russian cyber-attacks that would … Read more