At the beginning of each year, for the past 10 or more years, I am excited to get the invite from my friend Larry Gordon to make the trek to the University of Maryland to attend the annual, day long forum on Financial Information Systems and Cybersecurity: A Public Policy Perspective. This year's agenda for the 20th Forum was loaded with interesting topics and speakers. The luncheon keynote, delivered by the former Deputy Director of NSA, George Barnes, especially grabbed my interest and I was delighted that George accepted my offer to do a podcast and interview. I appreciate the insight George has gained from overseeing operations at NSA, which is at the forefront of the cyber war with nation states, especially in light of the recent Salt Typhoon and Volt Typhoon attacks. So listen to the podcast here as George Barnes reflects about the cyber challenges we face and how AI is also rapidly changing the landscape of cyber offense and defense.

I received a call a while back from my good friend, Jim Rice, who wanted to introduce me to a company with whom he had been collaborating on a solution. Jim has a knack to be on top of the next big market wave – in this case it was zero trust – and so I was eager to hear more about the solution. Jim introduced me to Chris Romeo, the CEO of OneTier who is partnered with Vantiq – Jim’s employer. When I heard more from Chris, I learned that this solution was all-encompassing, covering the foundation layers and five pillars of the zero trust framework.

It is the first one I have seen that was so comprehensive. By being built on top of Vantiq’s real-time, intelligent, orchestration platform, the partnership embeds zero trust principles while enabling real-time monitoring, adaptive threat response, and seamless automation. So you can read the interview at www.activecyber.net to learn more about this zero trust solution partnership, or you can listen to the podcast here, or do both.

The CISA Software Acquisition Guide for Government Enterprise Consumers: Software Assurance in the Cyber-Supply Chain Risk Management (C-SCRM) Lifecycle product was developed in response to the core challenges of software assurance and cybersecurity transparency in the acquisition process, focusing primarily on software lifecycle activities. The Software Acquisition Guide focuses on the “Secure by Demand” elements by providing recommendations for agency personnel, including mission owners and contracting staff or requirements office to engage in more relevant discussions with their enterprise risk owners (such as CIOs and CISOs) and candidate suppliers such that better, risk-informed decisions can be made associated with acquisition and procurement of software and cyber-physical products. 

This Active Cyber Zone podcast features two members of the team that developed the Guide. We explore why the Guide is needed and what government vendors need to know as the Guide makes its way into the federal acqusition process.

Chris Daly, host of the Active Cyber Zone, discusses the evolution, use cases, and benefits of Confidential Computing with Ron Perez, Intel Fellow and Chief Security Architect. From the cloud, to the edge, to the endpoint, Confidental Computing is seeing an uptick of adoption and new applications as industry and governments recognize the need for hardware-based separation and attestation to build a trustworthy stack - and one that is secure by design. 

Alison King, VP of Government Affairs of Forescout Technologies, joins Chris Daly in the Active Cyber Zone to discuss government policies across a range of cyber topics and technologies. Ali was deeply involved in the crafting of multiple federal cyber reports and doctrinal materials durng her time as a civil servant. Now she leads Forescout's government policy efforts for the progress still being made in improving active cyber defenses through the public-private cooperative initiatives for cyber.

The  Cybersecurity Maturity Model Certification (CMMC) is a DoD initiative to help secure the supply chain of controlled unclassified information (CUI). Run out of the DoD CIO office, and required through DoD acquisition provisions, it requires contractors and integrators to meet stringent security measures to protect CUI. Learn about the CMMC process, how it evolved, its status today, and some things you can do to prepare for and pass the CMMC assessments, including some tools you will need such as KDM Analytics' Blade RiskManager. 

I like returning each year to the AFCEA Technet Cyber Conference as it always has a lively exhibit hall and interesting panels and discussions. It is also focused quite a bit on government issues and solutions, although not exclusively, as members of the IC, DoD, and other federal agencies provide their insights into the trending cyber issues of the day. As a member of the media, I sometimes receive requests for interviews and this year I received one from GuidePoint Security for Jason Baker, a senior member of the GuidePoint Research and Intelligence Team (GRIT). After doing a little research on the company I was excited to see them positioned to help on defending and mitigating ransomware attacks. I have been interested in learning how ransomware is affecting federal agencies, or government in general, so I was happy when Jason accepted my invite to do an interview / podcast. So you can listen to our interview and learn a little more about ransomware and how it affects our government agencies.

 Vulnerability management programs form the foundation of most managed security services and SOC efforts. Despite a plethora of scanning and discovery tools, I remember as a former SOC Manager how difficult it was to maintain comprehensive visibility of managed assets and to provide quick reaction to detected vulnerabilities. Remediation efforts were often laborious and it was difficult in many instances to know what to prioritize first. So I got excited when I ran across Nucleus Security at a conference this past summer and saw how they are helping organizations take vulnerability management to the next level. I was delighted when Patrick Garrity, a researcher and VP at Nucleus, agreed to sit down and talk to me about Nucleus. So learn more about Nucleus Security in this podcast with Active Cyber™.

Chris Daly sits down with two members of Securely Managed LLC to discuss the day-to-day operations of a MSSP and a SOC as a service. Richard Cozart, Security Architect, and Michael Staley, SOC Director, go over the ins and outs of running 24/7 managed security services and review some of the fundamental technologies that make a SOC go.

Active Cyber sits down with Sajay Rai - CEO of Securely Yours - to discuss what it takes to be "cyber ready." Sajay dives into the consulting offerings of Securely Yours, describes the foundational standards and guides for becoming cyber ready, and discusses how different customers in different industries at different levels of maturity look at cyber readiness a little differently. 

Chris Daly of Active Cyber sits down with Sajay Rai, CEO of Securely Managed LLC, a top 250 MSSP, to discuss the challenges of being a MSSP. He reveals how he customizes offerings and partners with leading vendors to meet the changing needs of his diverse customer set. He also discusses his journey from security consulting to MSSP and how his sister company - Securely Yours, which focuses on security consulting - provides a synergy that benefits his customers from risk assessments to bootstrapping new companies into a cost-effective and resilient security posture. Learn more about Securely Managed at https://securelymanaged.com/
and Securely Yours at https://www.securelyyoursllc.com/

 Assuring the secure adoption of a new technology, assessing your software supply chain for risks, hunting for vulnerabilities in your infrastructure are all complex and challenging tasks - but ones that are critical to securing your business or government agency. Having specialized, automated tools that are seamlessly integrated using standard methods and interfaces can significantly reduce the complexity of these activities while increasing speed to capability. In particular, leveraging a software assurance ecosystem of integrated tools has proven to be an effective approach to managing security needs at an industrial scale. One example of a standards-based software assurance ecosystem effort can be found at the Open Management Group in the form of the System Assurance Platform Level Task Force. Headed by Djenana Campara of KDM Analytics, the Task Force aims to establish a common framework for analysis and exchange of information related to system assurance and trustworthiness. Ms. Campara has incorporated the work of this Task Force into her company's products that provide risk analytics. I was intrigued by how she combined risk analytics and model-based systems engineering to provide enterprise level risk assessments and thought the subject was worth exploring, especially given how risk management approaches are really moving to the forefront of needs given the software supply chain problems that seem to be coming up on a regular basis. So check out this Active Cyber™ podcast with Ms. Campara. 

Kurtis Minder, CEO of Groupsense - a digital risk protection services company , and Ritesh Agrawal, CEO of Airgap Networks - a cybersecurity vendor of the industry’s first agentless Ransomware Kill Switch, met with Chris Daly in this podcast by ActiveCyber.net to discuss their partnership to help companies fight ransomware. Clients can microsegment their networks to automatically stop the spread of ransomware during the incident mitigation lifecycle and have a detailed and tested ransomware “playbook” for mitigating the damage caused by these cyberattacks by integrating GroupSense’s Ransomware Response Readiness Subscription (R3S) service offering with Airgap’s Ransomware Kill Switch annual SaaS subscription.

As a former SOC Director, I can appreciate the value of a cyber platform that provides the hygiene and cleaning of the network. Although the mantra of "assume breach" is often valid, we still need to pay close and continuous attention to preventative measures. That is also the target area of Cyvatar who provides a "Cybersecurity-as-a-Service" offering. I got a chance to learn more about this offering from the start-up's co-founder - Corey White. Listen to the podcast to learn more about how Cyvatar's platform works and how the company's plans to "democratize" cybersecurity should pay dividends to customers large and small.

This week is a busy week for those getting ready for Black Hat and Defcon. So I felt very lucky to land an interview with John Morgan - the CEO of Confluera, a cybersecurity start-up focused on endpoint detection and response. Learn how Confluera's innovative storyboarding platform provides enhanced insights for runtime threat detection and response. Find out why they are focused on the cloud and learn about how they differentiate in the crowded XDR market in this podcast interview with Chris Daly of ActiveCyber.net. 

Djenana Campara, CEO of KDM Analytics along with Steve Seiden, President of AcquireData Solutions (ADS) and Dr. Tony Barber discuss the features and benefits of the Blade Risk Assessment tool. Blade applies a model-based systems engineering approach to risk assessment while using NIST RMF controls to provide a strong foundation for developing mitigations for identified risk areas. ADS, with over 20 years of test engineering credentials, is well positioned to take Blade to the Operational Technology marketplace as it looks to merge OT and IT safety, security, and resiliency needs. Chris Daly of Active Cyber hosts this whirlwind discussion. 

John D - the founder of AR start-up Virfiti - describes some of the use cases, technology and opportunities in the field of augmented reality in this interview with Chris Daly of Active Cyber.net. Learn how SLAM, Unity3D, meshed point clouds, blockchain, image recognition, social media all play together as John takes us through a technology journey that will become a disrupter and major change agent in our everyday lives.

Chris Daly of Active Cyber and Major General Matthews discuss emerging cyber issues, the role of security instrumentation platforms such as Verodin, and emerging IoT security requirements.