Chris Hughes

Chris Hughes currently serves as the co-founder and CISO of Aquia. Chris has nearly 20 years of IT/cybersecurity experience, ranging from active duty time with the U.S. Air Force and time as a civil servant with the U.S. Navy and General Services Administration (GSA)/FedRAMP to time as a consultant in the private sector. In addition, he is an adjunct professor for M.S. cybersecurity programs at Capitol Technology University and University of Maryland Global Campus. Chris also participates in industry working groups such as the Cloud Security Alliance's Incident Response Working Group and serves as the membership chair for Cloud Security Alliance D.C. Chris also co-hosts the Resilient Cyber Podcast. He holds various industry certifications such as the CISSP/CCSP from ISC2, as well as both the AWS and Azure security certifications. He regularly consults with IT and cybersecurity leaders from various industries to assist their organizations with their cloud migration journeys while keeping security a core component of that transformation.

Vulnerability eXploitability Exchange explained: How VEX makes SBOMs actionable

SBOM formats SPDX and CycloneDX compared

Understanding the differences between these widely used software bill of materials format standards is important, but your tools will likely need to support both.

How OpenSSF Scorecards can help to evaluate open-source software risks

Scorecards automatically generates a score for open-source projects based on potential vulnerabilities and dependencies.

Breaking down CIS's new software supply chain security guidance

The Center for Internet Security offers best practices for securing each phase of the software supply chain.

Understanding your API attack surface: How to get started

Attackers are targeting APIs with great success. Here's how to begin assessing your API attack surface and minimize your risk.

Key takeaways from CSA’s SaaS Governance Best Practices guide

Security and governance policies and practices are failing to keep up with the growth of SaaS usage. The Cloud Security Alliance's guidance aims to get that back on track.

How the Secure Software Factory Reference Architecture protects the software supply chain

This breakdown of the Cloud Native Computing Foundation's secure software factory guidance focuses on software provenance and build activities.

Sigstore explained: How it helps secure the software supply chain

The free sigstore signing service helps developers establish provenance and integrity of open-source software.

The Open Source Software Security Mobilization Plan: Takeaways for security leaders

The plan from the Linux Foundation and OpenSSF presents three goals to improve open-source software security during development and more effectively address vulnerabilities.

IDaaS explained: How it compares to IAM

IDaaS is a cloud-based consumption model for IAM. It offers cost, scalability, and other advantages, but it also comes with its own risks.

MITRE ATT&CK v11 adds ICS matrix, sub-techniques for mobile threats

The latest version of the MITRE ATT&CK Framework addresses two of the most pressing threat-actor targets: mobile devices and industrial control systems.

New SDP 2.0 specification facilitates zero-trust maturity

The Cloud Security Alliance's Software-Defined Perimeter 2.0 specification creates a path to a zero-trust approach through strong access controls.
