Mobile devices – convenience, security risk or both?

Cell phones, tablets, wearables and other mobile devices dominate our lives. I personally bring my trusty iPad to everywhere, and, like everyone else, have my phone with me at all times. The biggest attack surface for any enterprise, then, may…

Why recent cybersecurity legislation is just window dressing

Representative Ro Khanna (D-Calif.) recently introduced cybersecurity legislation that would, “mandate Congress [to] direct OMB to require cybersecurity training for federal employees and include information on the risks of Internet of Things (IoT) devices…” On the surface, this seems like…

Blockchain and supply chain risk management

“Build it in, don’t bolt it on,” is a mantra that we all learn when we study cybersecurity. Unfortunately, we see it in practice far too rarely. Our adversaries also know this principle, and have begun to implement it by…

Polymorphic defense – making your systems “moving targets”

In my recent article on the GovCybersecurityHub entitled, “Solid foundations + innovation = stout cybersecurity,” I talked about cybersecurity can be somewhat unfair. That’s because the economies of scale favor our adversaries. I also talked about the importance of security…

Compliance – is it becoming too big of a thing?

You have heard it enough to make you aim a fire extinguisher at your firewall: “compliance does not mean security.” Compliance work can consume up to 70 percent of security budgets in federal government agencies, and it is common to…