spotlight

May 9, 2025 Early in 2024 I met Ms. Vergara-Cobos at a conference where we shared some information about our recent respective work activities. She disclosed to me about her work leading a research study at the World Bank that focused on how cybersecurity impacts the growth of developing countries. This struck me as a […]

February 19, 2025 At the beginning of each year, for the past 10 or more years, I am excited to get the invite from my friend Larry Gordon to make the trek to the University of Maryland to attend the annual, day long forum on Financial Information Systems and Cybersecurity: A Public Policy Perspective. This […]

August 21, 2024 CISA has been working hard over the last 6 years to turn the tide on the never-ending stream of zero days and vulnerable systems that continue to plague our everyday lives. In 2018, it formed the ICT SCRM Task Force—a public-private partnership charged with identifying challenges and developing actionable solutions to enhance […]

August 12, 2024 It seems that most of the emails, articles and webinar invites I receive lately have Gen AI and [in]security as part of the headlines. Also, I was reading some of the reports coming back from BlackHat and it seems those same headlines (and the Crowdstrike debacle) were the major items of interest. […]

July 19, 2024 I have been interested in network access control technology since my days working on trusted computing and high assurance platform initiatives for different government entities. And today, with network access control comprising a key element of the zero trust cyber architecture discussions, I can understand how such offerings from Forescout Technologies are […]

July 10, 2024 I like returning each year to the AFCEA Technet Cyber Conference as it always has a lively exhibit hall and interesting panels and discussions. It is also focused quite a bit on government issues and solutions, although not exclusively, as members of the IC, DoD, and other federal agencies provide their insights […]

July 8, 2024 I remember making the case for automated and continuous risk assessment many years ago when the NIST Risk Management Framework (RMF) was first being drafted and put through some public review processes. Back then, the main focus of the RMF was enterprise IT systems. And back then, there were no tools that […]

Press Release – March 7, 2024 SRI chosen to deliver cyber-psychology-informed network defense technology for IARPA  The innovative program will be centered around the psychology of cyber attackers.   [March 7, 2024]: Menlo Park, CA – SRI announced today that it has been selected by Intelligence Advanced Research Projects Activity (IARPA) to deliver advanced technology for its recently announced Reimagining […]