How Key Management, PKI Controls, and Zero Trust Principles are Applied to Thwart Advanced Persistent Threats (APTs) For years, cybersecurity professionals argued the importance of “zero trust networks” and their concerns have been fully validated in the wake of the SolarWinds incident. Hacking techniques likely used in the SolarWinds Sunburst attack include mapping of sIDHistory, […]
About Chuck White
Chuck is a technologist, inventor, entrepreneur, father, and husband. He has extensive knowledge in cyber defense, collaboration solutions, big data analytics, and security software development. He is a former U.S. Army officer, combat veteran, father of a four year old girl who loves Supergirl, and a recognized thought leader in the security software community. Chuck is a member of the OASIS KMIP and OpenC2 technical committees and is a co-editor for version 2.0 of the KMIP specification.
Entries by Chuck White
When considering the intersection of Roots of Trust and the accessibility of services provided by cloud architecture, reliable options quickly become scarce. That is why we at Fornetix are excited to see nCipher launch their “nShield as a Service” (nSaaS) offering. With the combination of Internet of Things (IoT) based technologies and the embracing of […]
When looking at technology adoption, I am frequently reminded of Pandora’s Box from Greek mythology. This metaphor rings true when considering the Internet of Things (IoT). Whereas Pandora released a host of evils into the world, with IoT we have released new concerns associated with multiple technologies, multiple standards, scale, and security (or as I […]
When looking at the problems we were trying to solve with VaultCore, IoT and IoE have always been part of the grand vision of orchestration. As more and more systems break down the concept of perimeters or layers, there is a need to address the realities of these changes.
Utilizing VaultCore During a Hospital Ransomware Event In Part 2 of this series, we examined the ongoing transition from Cyber Security to Cyber Defense, discussing Cyber Defense effects and utilizing VaultCore to realize those effects. In this post, we continue the discussion as we demonstrate how VaultCore enables the effects in a real-world scenario. For […]
It’s been a little over a year since exclaiming that Cyber Security is dead. In that year, we have seen broader acceptance of terms like Defense and Resiliency. We have even seen attempts to pass laws that are the cyber equivalent of the “castle doctrine” for home defense. All that aside, one term that is […]
When considering automotive IoT, it’s logical to focus on the supply chain that makes the car possible. In reviewing the application of key management to the automotive IoT landscape, it becomes apparent that the provenance of car components, from tires to telematics, is absolutely critical. Any poorly-built component can cause a systemic failure of the […]
Back in June, Kevin Mooney wrote an excellent piece on The Strong Case for Interoperability. Getting back to that subject matter, in perhaps not the most ideal of circumstances, we are going to talk about standards, interoperability, and transition as it pertains to resolving systemic issues. This is being driven by faults in 802.11 as […]
Over the past several weeks we’ve seen three newsworthy stories where sensitive information finds its way onto Amazon’s S3 cloud storage service: NGA, WWE, and Verizon.
Cyber security and cyber defense sound a lot alike. Some people even prefer to call the latter cyber security defense. However, they’re not the same. I recently had the chance to respond to a LinkedIn post from Larry Cole about terminology for Cyber Security vs Cyber Defense. The conversation with Larry really hits home regarding […]