Internet of Things (IoT) devices such as fitness trackers and home security cameras are growing in popularity, but many people don’t realize that these devices can also be used to attack critical infrastructure. In 2017, a group of hackers used IoT devices to launch a massive attack on the internet infrastructure provider Dyn, and they were only able to do this because they were able to exploit devices that were using default passwords.

Cybersecurity is a rapidly growing field, with a high demand for professionals who can protect against online threats and ensure the privacy and security of sensitive information. If you're interested in starting a career in cybersecurity, here are some steps to help you get started.

The world of cybersecurity is vast and ever-changing. As technology continues to advance, the need for skilled professionals who can keep up with new developments and protect against evolving threats is crucial. One way to stay current and informed is to attend cybersecurity conferences, where you can learn about the latest trends, tools, and best practices. Two of the most popular conferences in the cybersecurity world are Black Hat and DEFCON. In this blog post, we'll explore the key differences between these two events and help you determine which one is right for you.

Critical infrastructure refers to those vital systems, networks, and assets whose incapacitation or destruction would have a debilitating effect on national security, the economy, public health, or any combination thereof. In the U.S., the Department of Homeland Security (DHS) has demarcated 16 specific critical infrastructure sectors. These sectors serve as the pillars that support the nation's day-to-day operations and its citizens' way of life.

I am delighted to announce the titles of my upcoming presentations for Black Hat 2023, both scheduled for August 10th. Here's a glimpse into what you can expect.

In 2019, I was honored to be asked to participate in the Cyberspace Solarium Commission (CSC), a significant initiative established in the United States as part of the National Defense Authorization Act for Fiscal Year 2019. The Commission released its report in 2020, which included a wide range of recommendations for both legislative and executive actions.

I attended the Texas Cyber Summit for the first time this year, held at the Marriott in downtown Austin from September 28th to September 30th. Overall, I thoroughly enjoyed the event and am already planning to return next year.

Today, I joined a panel at Austin Startup Week to discuss "How Unsupervised Neural Networking Roots Out Insider Threats." The conversation took place at the Capital Factory here in Austin, Texas—an ideal setting for a forward-thinking cybersecurity discussion.

In today's digital age, the role of a Chief Information Security Officer (CISO) has dramatically evolved. Beyond technical expertise, a CISO's responsibilities now encompass leadership, strategic planning, and effective communication with both technical and non-technical stakeholders. Measuring the success of a CISO can be challenging given the multifaceted and ever-evolving nature of cybersecurity.

As a fellow at ICIT and co-author of the book “Securing the Nation’s Critical Infrastructures: A Guide for the 2021-2025 Administration,” I was honored to be asked to speak at the RSA Conference 2023 in San Francisco on the topic of “Digital Supply Chain Security: What Happens When an Organization's Trusted Solutions Can No Longer Be Trusted?” Many thanks to SafeBreach, who sponsored the event and for hosting the reception and book signing afterward.