Don Maclean

Serving as the Chief Cyber Security Technologist at DLT, Don is responsible for formulating and executing DLT’s cyber security portfolio strategy. Within the cyber security community, Don is a leader and mentor, frequently participating in programs such as the DoS Cyber Online Learning sessions and serving as an active member of the Cloud Security Alliance.

Increasing application security in the DoD supply chain

In an attempt to improve the security of the Department of Defense (DoD) supply chain, the Pentagon recently released new cybersecurity standards for its contractors. While I’ll be taking a deeper dive into those standards in a future article, they…

The insider threat – the vulnerability that’s coming from inside the house

The insider threat: it’s one of the biggest and most persistent issues in cybersecurity. There have been multiple, recent high-profile cases – Manning, Snowden, and others. And these cases have both kept the issue in the public eye and kept…

Mobile devices – convenience, security risk or both?

Cell phones, tablets, wearables and other mobile devices dominate our lives. I personally bring my trusty iPad everywhere, and, like everyone else, have my phone with me at all times. The biggest attack surface for any enterprise, then, may…

System and asset management in the age of IoT

Asset management can be a massive challenge for government agencies. Many government agencies – particularly large agencies – face enormous obstacles when creating inventories of the software and hardware under their purview. The difficulty is understandable: I know of one…

The Zero Trust model and data-loss prevention

In a previous article on the GovCyberHub, I wrote about the Zero Trust model for security. There are many areas of cybersecurity that complement the Zero Trust model – and data security is one. Outside of the IoT world, the…

Why recent cybersecurity legislation is just window dressing

Representative Ro Khanna (D-Calif.) recently introduced cybersecurity legislation that would, “mandate Congress [to] direct OMB to require cybersecurity training for federal employees and include information on the risks of Internet of Things (IoT) devices…” On the surface, this seems like…

Zero Trust: Buzzword or hack-buster?

Trust but verify: a Russian proverb Ronald Reagan often used to characterize U.S.-Russia relations, especially regarding nuclear weapons. The Internet has made it clear that the “trust” part of the proverb may not work so well. Today, we may have…

Blockchain and supply chain risk management

“Build it in, don’t bolt it on,” is a mantra that we all learn when we study cybersecurity. Unfortunately, we see it in practice far too rarely. Our adversaries also know this principle, and have begun to implement it by…

Phishing – why humans are the biggest security vulnerabilities

Phishing, vishing, whaling, spear-phishing: the list of clever new terms seems constantly to change. A successful attack by any other name, though, is just as sweet to the adversary. Terminology aside, the fundamental problem is this. Phishing is the most…

Polymorphic defense – making your systems “moving targets”

In my recent article on the GovCybersecurityHub entitled, “Solid foundations + innovation = stout cybersecurity,” I talked about how cybersecurity can be somewhat unfair. That’s because the economies of scale favor our adversaries. I also talked about the importance of security…