Insider Risk Programs have continued to evolve naturally over the past 20 years. They have grown exponentially beyond the traditional lens of trying to identify spies through cyber-focused data exfiltration events. Today, Insider Risk Programs have expanded to include internal HR, legal, and compliance stakeholders within organizations and have expanded security beyond strictly physical and cyber domains to now include analysts, investigators,...

Office of Management and Budget (OMB) Memorandum M-22-09 requires “agencies to achieve specific zero trust security goals” and designates “Identity” as the first of five pillars from CISA’s zero trust maturity model. Additionally, M-22-09 provides specific actions for the Identity pillar that include, employing centralized identity management systems that integrate with agency applications and platforms; leveragin...

The persistence of nation-state actors has introduced a threat to America’s cybersecurity landscape that has never been seen before. Ample countermeasures have been prescribed through various White House, DoD, and CISA guidance that places responsibility on government and private industry to follow these new guidelines for the development of secure software. As we turn the corner toward the close of the federal fiscal year and begin cybe...

Federal agencies across government have started the shift in mindset from just patching and remediation to truly transformative cybersecurity modernization. There is no better example than the move to developing zero trust architecture governmentwide. While every agency is in a different stage of its ZT implementation journey, there are key guideposts and best practices that every federal IT and security team should be following to optimize th...

In today’s interconnected and rapidly evolving digital landscape, ensuring secure access to sensitive resources is of paramount importance. There are various methods of securing data and Federal agencies have explored a majority of them. Identity, Credential, and Access Management (ICAM) and Attribute-Based Access Control (ABAC) have emerged as two prominent frameworks that enable organizations to address the challenges associated with a...

Modern cybersecurity measures such as post-quantum cryptography (PQC) and zero trust architecture (ZTA) are essential to protect U.S. critical infrastructure and ensure a resilient nation. And with a flurry of comprehensive initiatives coming from the Executive Branch, Pentagon, NSA, and NIST, it can be challenging for U.S. government CIOs and CISOs to determine where to prioritize resources. But PQC and ZTA aren’t mutually exclusive: ef...

To address the dynamic challenge of Insider Threats, organizations must have an agile process that should include training and the need to stay connected with their internal policies, external requirements, evolving risk discovery technology, best practices from within and other organizations, and government lessons learned. Simply stated, training is not a one-and-done or calendar-based ‘check the box activity.’ It is a critical c...

Join us for the Combined Joint All Domain Command and Control (CJADC2) Industry Day: Global Integration and Operations on June 20, 2023 from 8:30 AM to 1:30 PM in Arlington, VA. Hear from expert panelists as they dive into the progress made in the United States military's cyberspace domain. With technology advancing at an unprecedented rate and our growing dependence on digital infrastructure, cyberspace has emerged as a crucial realm for mili...

In the digital age, government agencies face increasing threats from spyware that can compromise sensitive information and undermine national security. To combat this, many government organizations are taking proactive measures by implementing executive orders and directives to ban specific applications on their mobile devices. However, this approach presents challenges in terms of scalability, visibility, and keeping up with rapidly evolving...

With all of the components of Zero Trust, there are various models and theories that an organization can use to strengthen their cybersecurity practices. The CISA Zero Trust Maturity Model and the DoD Zero Trust Strategy are only two examples of frameworks that provide guidance on implementing Zero Trust security principles within an organization. Both models emphasize the steps it takes to achieve total Zero Trust, but they differ in some of...