The security of critical infrastructure is essential to national security. It is essential that there be a core authority that is responsible for its cybersecurity. The Cybersecurity and Infrastructure Security Agency, or CISA, is an entity essential to supporting national security and critical infrastructure security. CISA provides a level of centralization that is crucial to supporting security at the national level, including supporting critical infrastructure. The core mi

The prevalence of open-source software (OSS) promotes the integration of common software features into existing applications. However,...

In continued support of our mission to cultivate a cybersecurity renaissance that will improve the resiliency of our nation’s 16 critical infrastructure sectors, defend our democratic institutions, and empower generations of cybersecurity leaders, ICIT asked some of the brightest minds in national security, cybersecurity, and technology to author essays communicating their perspective. Our goal is to share their knowledge and insights with our community to shed light on solut

In continued support of our mission to cultivate a cybersecurity renaissance that will improve the resiliency of our nation’s 16 critical infrastructure sectors, defend our democratic institutions, and empower generations of cybersecurity leaders, ICIT asked some of the brightest minds in national security, cybersecurity, and technology to author essays communicating their perspective. Our goal is to share their knowledge and insights with our community to shed light on solut

ICIT Certified Content: This Mazebolt whitepaper contains expert insights about DDoS and its threat landscape, solutions, and mitigation in a digitally transforming world for business enterprise continuity and full DDoS security posture. Our researchers have reviewed its contents and recommend it as a trusted source of education. This whitepaper starts with a close look at the reasons why DDoS is moving up the threat chain and the best ways to protect enterprises from DDoS

CIT Certified Content: The 2021 Devo SOC Performance Report™ shows that security operations centers — and those who work in them — continue to have a number of challenges to overcome. Based on an independent survey of global cybersecurity professionals, our third annual report examines current trends for those who lead and work in SOCs. While there are some indicators of slight improvement, it’s clear that for too many people, working in the SOC remains painful. The 2020 surv

By Don Maclean , ICIT Fellow and Chief Cyber Security Technologist, DLT In continued support of our mission to cultivate a cybersecurity renaissance that will improve the resiliency of our nation’s 16 critical infrastructure sectors, defend our democratic institutions, and empower generations of cybersecurity leaders, ICIT has embarked on a journey to hold candid interviews with some of the brightest minds in national security, cybersecurity, and technology. Our goal is to s

Security operations centers (SOC) are the backbone of the cybersecurity industry providing defense, mitigation, and incident response against risks and attacks. However, SOCs are often criticized as ineffective, and one of the most frequently asked questions about SOC performance is “how to measure SOC effectiveness?” While mean time to resolution (MTTR) is the standard measure of effectiveness, this high-level measurement does not address the underlying optimization and perf

By Donald Heckman, Defense Cyber Solutions Leader & Director, Cybersecurity Solutions, Guidehouse In continued support of our mission to cultivate a cybersecurity renaissance that will improve the resiliency of our nation’s 16 critical infrastructure sectors, defend our democratic institutions, and empower generations of cybersecurity leaders, ICIT has embarked on a journey to hold candid interviews with some of the brightest minds in national security, cybersecurity, and tec

Federal agencies have increased focus on Intelligent Automation (IA) and Robotic Processing Automation (RPA) as part of their modernization journey. Many have achieved impactful results from automating countless manual processes, freeing up time to focus on innovation and mission support. Although mission critical, the acceleration of automation can introduce new security risks and expand the attack landscape. Agencies looking to deploy IA and RPA projects should be aware tha

Zero trust isn’t a new concept, although it’s certainly gained popularity recently after numerous high-profile security incidents and the Executive Order on cybersecurity issued by the White House this past May. While there’s no shortage of theoretical and abstract information available on zero trust, actionable recommendations have been hard to come by. The zero trust architecture provides guidance on protecting resources, the general deployment models are theoretical and no

Moving applications and development to the cloud has delivered both operational and security benefits at scale. However, as organizations begin to automate their infrastructure deployments and configurations using Infrastructure as Code (IaC), a new attack vector has been introduced. In addition, the move to cloud-native architectures increases the use of APIs connecting client applications to cloud hosted, microservices based solutions, introducing another new entry point f

In 2019, securely operating a distributed workforce was an ideal “wouldn’t it be great if,” and in 2020, this became a requirement. In the wake of the COVID-19 pandemic, cybersecurity teams found themselves frantically working to continue business operations in a suddenly perimeter-less environment. And that trend is likely here to stay, which means that cybersecurity and business leaders need to understand how the zero trust principles changed in the remote working world? An