Chase Cunningham

Sending malicious payloads and packets is no longer the standard in threat operations. In today’s world of massive social media presence and influence, malicious actors can bring an organization to its knees — 280 characters at a time. This isn’t an attack on your infrastructure but an attack of computational propaganda aimed to shape a divisive […]

I have done a few exercises on implementing Zero Trust and Zero Trust eXtended (ZTX) in enterprises. The impetus behind these exercises from a strategy standpoint is that the participating organizations have leaders that are Forrester clients and had read, or at least breezed through, the research that has been published on the topic of […]

I have done a few exercises on implementing Zero Trust and Zero Trust eXtended (ZTX) in enterprises. The impetus behind these exercises from a strategy standpoint is that the participating organizations have leaders that are Forrester clients and had read, or at least breezed through, the research that has been published on the topic of […]

Historically, industry is more forward-leaning than government when it comes to innovation — at least at the unclassified level. But unlike most industries, the US government is driving the cybersecurity market and has been for almost the last decade. Federal fingerprints are everywhere: Where did cybercompliance start? Where did the first frameworks for cyber operations originate? […]

I recently saw another posting/photo from a friend in the industry that showed what amounts to “booth babes” at yet another conference; this time it wasn’t in Vegas, it was in Europe. This issue is one of importance in an industry rife with failure on lots of levels, a lack of available talent, and that […]

Over the past two weeks, I was at the annual shenanigan bonanza that is the RSA Conference and was also invited to sit on a “Shark Tank” panel for emerging technology startups in Miami. In the span of two weeks, I went from seeing big, well-established companies with massive marketing budgets and millions of dollars […]

A few years ago, the concepts of microsegmentation and microperimeters for Zero Trust were championed by former Forrester analyst John Kindervag. He showed us how those concepts and their technologies could enable a more secure enterprise. Once those concepts and their associated best practices hit the street, organizations from VMware to Cisco Systems to Palo […]

I have a good friend who has a small business (roughly 100 employees and two office locations; everything lives in the cloud, no real “network” to speak of) that is doing well. A few weeks ago, over barbecue and range time (some folks play golf, we shoot guns . . . it’s a Texas thing), […]

I am a huge fan of Zero Trust—the simplicity of the concept resonates with clients that read the research authored previously by John Kindervag and more recently myself. The framework’s intrinsic value to security and business processes is readily evident to those who explore how it benefits their security needs.  If we’re honest about Zero […]

After reading through some other blogs and strategy papers over the weekend (don’t judge me; to some of us, this activity constitutes a good time . . . yes, lame . . . I know), I saw what appeared to be an underlying theme across the narratives I’d read: Security tolerates failure. It’s understandable that […]

Every year at Black Hat, the buzzword factory is in full swing. Last year the word of the day was Artificial Intelligence or Machine Learning (or in the off chance you met with someone who knew what they were talking about, they would call it “AI or ML”).  The year before that, the word of […]

Like every other movie buff, geek, or nerd on the planet I am a Star Wars fan.  I think it’s a stellar series (minus the whole Jar Jar Binks thing, anything with that guy in it could be used as an alternative to waterboarding) that has spun a tale for the ages across the better […]

This last week I was fortunate enough to be invited out to Hollywood to participate in a large exercise for the entertainment industry focusing on cyber security planning and threat management.  There were folks in attendance from a variety of organizations, all of which were very interested in just how exposed they might be to […]

Before my last deployment (quite a while ago, thankfully) my unit was training on a variety of tactics to make us all more effective in an operational setting.  That’s the long way of saying we were all getting PT'd repeatedly and learning how terrible we were at stopping the bad guys, luckily we all got […]

Let me pose a question: “Is it a bad thing to give the average person a hand grenade with the pin pulled?” I think most of us would respond to that question with an emphatic “YES!”  No one in their right mind would think it's a good idea in any possible reality to allow anyone […]

Data is the perimeter, defend it that way Unless you have been living under a rock or possibly hiding in the mountains of Montana with a giant beard and eating way too many government issued MRE’s you probably heard about the nuclear bomb of a ransomware attack that kicked off last week.  Welcome to the […]

Zero Trust principles have, thus far, been mainly aimed at the network and the technology that makes our interconnected systems “live.” That’s how the concept was originally meant to be applied, but the reality of the threat vectors and need for better security capabilities means that Zero Trust has to adapt just like everything else […]

I have a huge German Shepherd that ranks only slightly behind my human children when it comes to being spoiled and how much attention he gets.  I’ve been working on training him for nearly a year now, and he amazes me with how intelligent he is. He knows all the basics: sit, stay, here, lay […]