CIO of the Illinois State Treasurer’s Office on the importance of executive buy-in to cyber initiatives

When we think about the types of companies and organizations that are often targets of cyberattacks, we tend to think about the companies with something that e-criminals want. These are crimes being perpetrated by criminals, after all. They wouldn’t take…

James Yeager Lays Out the Fed and SLED Threat Landscape in Advance of Fal.con for Public Sector

You would think that – in the midst of a global pandemic that is confirmed to have killed almost 500,000 people worldwide – the healthcare organizations working to find a cure would be able to conduct their work and…

Why recent cybersecurity legislation is just window dressing

Representative Ro Khanna (D-Calif.) recently introduced cybersecurity legislation that would, “mandate Congress [to] direct OMB to require cybersecurity training for federal employees and include information on the risks of Internet of Things (IoT) devices…” On the surface, this seems like…

Polymorphic defense – making your systems “moving targets”

In my recent article on the GovCybersecurityHub entitled, “Solid foundations + innovation = stout cybersecurity,” I talked about how cybersecurity can be somewhat unfair. That’s because the economies of scale favor our adversaries. I also talked about the importance of security…

Mobile devices – convenience, security risk or both?

Cell phones, tablets, wearables and other mobile devices dominate our lives. I personally bring my trusty iPad everywhere, and, like everyone else, have my phone with me at all times. The biggest attack surface for any enterprise, then, may…

Blockchain and supply chain risk management

“Build it in, don’t bolt it on,” is a mantra that we all learn when we study cybersecurity. Unfortunately, we see it in practice far too rarely. Our adversaries also know this principle, and have begun to implement it by…

Compliance – is it becoming too big of a thing?

You have heard it enough to make you aim a fire extinguisher at your firewall: “compliance does not mean security.” Compliance work can consume up to 70 percent of security budgets in federal government agencies, and it is common to…