Chris Hughes

Chris has nearly 15 years of IT/cybersecurity experience. This ranges from active duty time with the US Air Force, a civil servant with the US Navy and General Services Administration (GSA)/FedRAMP as well as time as a consultant in the private sector. In addition, he also is an adjunct professor for M.S. Cybersecurity programs at Capitol Technology University and University of Maryland Global Campus. Chris also participates in industry working groups such as the Cloud Security Alliances Incident Response Working Group and serves as the membership chair for Cloud Security Alliance D.C. Chris also co-hosts the Resilient Cyber Podcast. Chris holds various industry certifications such as the CISSP/CCSP from ISC2 as holding both the AWS and Azure security certifications. He regularly consults with IT and cybersecurity leaders from various industries to assist their organizations with their cloud migration journeys while keeping security a core component of that transformation. Chris currently works at Rise8 focusing on digital transformation and cybersecurity.

The case for a SaaS bill of material

NTLM relay attacks explained, and why PetitPotam is the most dangerous

NTLM relay attacks explained, and why PetitPotam is the most dangerous

Attackers can intercept legitimate Active Directory authentication requests to gain access to systems. A PetitPotam attack could allow takeover of entire Windows domains.

Kubernetes hardening: Drilling down on the NSA/CISA guidance

Kubernetes hardening: Drilling down on the NSA/CISA guidance

The new guidance gives a solid foundation for hardening Kubernetes container environments. These are its key components and why they are important.

Why you need a SaaS governance plan, and what should be in it

Why you need a SaaS governance plan, and what should be in it

The rapid proliferation of authorized and unauthorized software-as-a-service solutions presents significant security risks. Now is the time for a strategy to manage those risks.

7 tenets of zero trust explained

7 tenets of zero trust explained

Cut through the hype. NIST's core zero trust elements provide a practical framework around which to build a zero trust architecture.

Securing infrastructure as code: Perils and best practices

Securing infrastructure as code: Perils and best practices

Some organizations are leaving themselves vulnerable when they adopt an infrastructure-as-code approach. Here's how to avoid misconfigurations and insecure templates.

The shared responsibility model explained and what it means for cloud security

The shared responsibility model explained and what it means for cloud security

The shared responsibility model (SRM) delineates what you, the cloud customer is responsible for, and what your cloud service provider is responsible for.

7 most common ways to fail at DevSecOps

7 most common ways to fail at DevSecOps

DevSecOps initiatives are fraught with peril and require careful consideration of culture, learning, process and business needs. Here's how companies tend to fail in those areas.

Load More