Send a text

At the beginning of each year, for the past 10 or more years, I am excited to get the invite from my friend Larry Gordon to make the trek to the University of Maryland to attend the annual, day long forum on Financial Information Systems and Cybersecurity: A Public Policy Perspective. This year's agenda for the 20th Forum was loaded with interesting topics and speakers. The luncheon keynote, delivered by the former Deputy Director of NSA, George Barnes, especially grabbed my interest and I was delighted that George accepted my offer to do a podcast and interview. I appreciate the insight George has gained from overseeing operations at NSA, which is at the forefront of the cyber war with nation states, especially in light of the recent Salt Typhoon and Volt Typhoon attacks. So listen to the podcast here as George Barnes reflects about the cyber challenges we face and how AI is also rapidly changing the landscape of cyber offense and defense.

Send a text

I received a call a while back from my good friend, Jim Rice, who wanted to introduce me to a company with whom he had been collaborating on a solution. Jim has a knack to be on top of the next big market wave – in this case it was zero trust – and so I was eager to hear more about the solution. Jim introduced me to Chris Romeo, the CEO of OneTier who is partnered with Vantiq – Jim’s employer. When I heard more from Chris, I learned that this solution was all-encompassing, covering the foundation layers and five pillars of the zero trust framework.

It is the first one I have seen that was so comprehensive. By being built on top of Vantiq’s real-time, intelligent, orchestration platform, the partnership embeds zero trust principles while enabling real-time monitoring, adaptive threat response, and seamless automation. So you can read the interview at www.activecyber.net to learn more about this zero trust solution partnership, or you can listen to the podcast here, or do both.

Send a text

The CISA Software Acquisition Guide for Government Enterprise Consumers: Software Assurance in the Cyber-Supply Chain Risk Management (C-SCRM) Lifecycle product was developed in response to the core challenges of software assurance and cybersecurity transparency in the acquisition process, focusing primarily on software lifecycle activities. The Software Acquisition Guide focuses on the “Secure by Demand” elements by providing recommendations for agency personnel, including mission owners and contracting staff or requirements office to engage in more relevant discussions with their enterprise risk owners (such as CIOs and CISOs) and candidate suppliers such that better, risk-informed decisions can be made associated with acquisition and procurement of software and cyber-physical products.

This Active Cyber Zone podcast features two members of the team that developed the Guide. We explore why the Guide is needed and what government vendors need to know as the Guide makes its way into the federal acqusition process.