Don Maclean
Don Maclean
22 Articles0 Comments

Serving as the Chief Cyber Security Technologist at DLT, Don is responsible for formulating and executing DLT’s cyber security portfolio strategy. Within the cyber security community, Don is a leader and mentor, frequently participating in programs such as the DoS Cyber Online Learning sessions and serving as an active member of the Cloud Security Alliance.

Why recent cybersecurity legislation is just window dressing

Representative Ro Khanna (D-Calif.) recently introduced cybersecurity legislation that would, “mandate Congress [to] direct OMB to require cybersecurity training for federal employees and include information on the risks of Internet of Things (IoT) devices…” On the surface, this seems like…

Zero Trust: Buzzword or hack-buster?

Trust but verify: a Russian proverb Ronald Reagan often used to characterize U.S.-Russia relations, especially regarding nuclear weapons. The Internet has made it clear that the “trust” part of the proverb may not work so well. Today, we may have…

Blockchain and supply chain risk management

“Build it in, don’t bolt it on,” is a mantra that we all learn when we study cybersecurity. Unfortunately, we see it in practice far too rarely. Our adversaries also know this principle, and have begun to implement it by…

Phishing – why humans are the biggest security vulnerabilities

Phishing, vishing, whaling, spear-phishing: the list of clever new terms seems constantly to change. A successful attack by any other name, though, is just as sweet to the adversary. Terminology aside, the fundamental problem is this. Phishing is the most…

Polymorphic defense – making your systems “moving targets”

In my recent article on the GovCybersecurityHub entitled, “Solid foundations + innovation = stout cybersecurity,” I talked about cybersecurity can be somewhat unfair. That’s because the economies of scale favor our adversaries. I also talked about the importance of security…

Solid foundations + innovation = stout cybersecurity

Every security professional knows that the adversary has the advantage. We have to find every vulnerability and remediate it, and the enemy only needs to find one vulnerability and exploit it. This asymmetry underlies their economic advantage: finding one vulnerability…

Compliance – is it becoming too big of a thing?

You have heard it enough to make you aim a fire extinguisher at your firewall: “compliance does not mean security.” Compliance work can consume up to 70 percent of security budgets in federal government agencies, and it is common to…

The ROI of cybersecurity solutions – does it exist?

What is the return on investment? Is it worth the money? That is the central question both government and industry ask themselves when deciding on any procurement. Unfortunately, demonstrating the ROI of cybersecurity products is notoriously difficult. And that’s one…

The NIST Risk Management Framework: Problems and recommendations

Cyber security assessment initiatives and frameworks abound in the US government, but their effectiveness is inconsistent. The most important law from which these frameworks and assessments arose is the Federal Information Systems Management Act (FISMA), passed in 2002, and updated…

Why multi-factor authentication is essential for IAM

Identity and Access Management (IAM) is the art and science of ensuring that someone is who they say claim to be. This ensures that they have the correct level of access to systems and data – enough to do their…