Send a text

At the beginning of each year, for the past 10 or more years, I am excited to get the invite from my friend Larry Gordon to make the trek to the University of Maryland to attend the annual, day long forum on Financial Information Systems and Cybersecurity: A Public Policy Perspective. This year's agenda for the 20th Forum was loaded with interesting topics and speakers. The luncheon keynote, delivered by the former Deputy Director of NSA, George Barnes, especially grabbed my interest and I was delighted that George accepted my offer to do a podcast and interview. I appreciate the insight George has gained from overseeing operations at NSA, which is at the forefront of the cyber war with nation states, especially in light of the recent Salt Typhoon and Volt Typhoon attacks. So listen to the podcast here as George Barnes reflects about the cyber challenges we face and how AI is also rapidly changing the landscape of cyber offense and defense.

Send a text

I received a call a while back from my good friend, Jim Rice, who wanted to introduce me to a company with whom he had been collaborating on a solution. Jim has a knack to be on top of the next big market wave – in this case it was zero trust – and so I was eager to hear more about the solution. Jim introduced me to Chris Romeo, the CEO of OneTier who is partnered with Vantiq – Jim’s employer. When I heard more from Chris, I learned that this solution was all-encompassing, covering the foundation layers and five pillars of the zero trust framework.

It is the first one I have seen that was so comprehensive. By being built on top of Vantiq’s real-time, intelligent, orchestration platform, the partnership embeds zero trust principles while enabling real-time monitoring, adaptive threat response, and seamless automation. So you can read the interview at www.activecyber.net to learn more about this zero trust solution partnership, or you can listen to the podcast here, or do both.

Send a text

The CISA Software Acquisition Guide for Government Enterprise Consumers: Software Assurance in the Cyber-Supply Chain Risk Management (C-SCRM) Lifecycle product was developed in response to the core challenges of software assurance and cybersecurity transparency in the acquisition process, focusing primarily on software lifecycle activities. The Software Acquisition Guide focuses on the “Secure by Demand” elements by providing recommendations for agency personnel, including mission owners and contracting staff or requirements office to engage in more relevant discussions with their enterprise risk owners (such as CIOs and CISOs) and candidate suppliers such that better, risk-informed decisions can be made associated with acquisition and procurement of software and cyber-physical products.

This Active Cyber Zone podcast features two members of the team that developed the Guide. We explore why the Guide is needed and what government vendors need to know as the Guide makes its way into the federal acqusition process.

Send a text

Chris Daly, host of the Active Cyber Zone, discusses the evolution, use cases, and benefits of Confidential Computing with Ron Perez, Intel Fellow and Chief Security Architect. From the cloud, to the edge, to the endpoint, Confidental Computing is seeing an uptick of adoption and new applications as industry and governments recognize the need for hardware-based separation and attestation to build a trustworthy stack - and one that is secure by design.

Send a text

Alison King, VP of Government Affairs of Forescout Technologies, joins Chris Daly in the Active Cyber Zone to discuss government policies across a range of cyber topics and technologies. Ali was deeply involved in the crafting of multiple federal cyber reports and doctrinal materials durng her time as a civil servant. Now she leads Forescout's government policy efforts for the progress still being made in improving active cyber defenses through the public-private cooperative initiatives for cyber.

Send a text

The Cybersecurity Maturity Model Certification (CMMC) is a DoD initiative to help secure the supply chain of controlled unclassified information (CUI). Run out of the DoD CIO office, and required through DoD acquisition provisions, it requires contractors and integrators to meet stringent security measures to protect CUI. Learn about the CMMC process, how it evolved, its status today, and some things you can do to prepare for and pass the CMMC assessments, including some tools you will need such as KDM Analytics' Blade RiskManager.

Send a text

I like returning each year to the AFCEA Technet Cyber Conference as it always has a lively exhibit hall and interesting panels and discussions. It is also focused quite a bit on government issues and solutions, although not exclusively, as members of the IC, DoD, and other federal agencies provide their insights into the trending cyber issues of the day. As a member of the media, I sometimes receive requests for interviews and this year I received one from GuidePoint Security for Jason Baker, a senior member of the GuidePoint Research and Intelligence Team (GRIT). After doing a little research on the company I was excited to see them positioned to help on defending and mitigating ransomware attacks. I have been interested in learning how ransomware is affecting federal agencies, or government in general, so I was happy when Jason accepted my invite to do an interview / podcast. So you can listen to our interview and learn a little more about ransomware and how it affects our government agencies.

Send a text

Vulnerability management programs form the foundation of most managed security services and SOC efforts. Despite a plethora of scanning and discovery tools, I remember as a former SOC Manager how difficult it was to maintain comprehensive visibility of managed assets and to provide quick reaction to detected vulnerabilities. Remediation efforts were often laborious and it was difficult in many instances to know what to prioritize first. So I got excited when I ran across Nucleus Security at a conference this past summer and saw how they are helping organizations take vulnerability management to the next level. I was delighted when Patrick Garrity, a researcher and VP at Nucleus, agreed to sit down and talk to me about Nucleus. So learn more about Nucleus Security in this podcast with Active Cyber™.