Chris Hughes
Chris Hughes currently serves as the co-founder and CISO of Aquia. Chris has nearly 20 years of IT/cybersecurity experience, ranging from active duty time with the U.S. Air Force and civil service with the U.S. Navy and General Services Administration (GSA)/FedRAMP to time as a consultant in the private sector. In addition, he is also an adjunct professor for M.S. cybersecurity programs at Capitol Technology University and University of Maryland Global Campus. Chris also participates in industry working groups such as the Cloud Security Alliance's Incident Response Working Group and serves as the membership chair for Cloud Security Alliance D.C. Chris also co-hosts the Resilient Cyber Podcast. He holds various industry certifications, such as the CISSP/CCSP from ISC2, as well as both the AWS and Azure security certifications. He regularly consults with IT and cybersecurity leaders from various industries to assist their organizations with their cloud migration journeys while keeping security a core component of that transformation.

EPSS explained: How does it compare to CVSS?
The Exploit Prediction Scoring System has its shortcomings, but it can complement CVSS to help better prioritize and assess vulnerability risk.

The OSPO – the front line for secure open-source software supply chain governance
An open-source program office (OSPO) can act as both gatekeeper and evangelist in an organization’s struggle to ensure ubiquitous open-source components – incredibly useful but vulnerable to bad actors and misuse – are deployed safely...

U.S. government issues guidance for developers to secure the software supply chain: Key takeaways
The U.S. NSA, CISA and ODNI created the Securing the Software Supply Chain guide to focus on the software development lifecycle.

Key takeaways from the Open Cybersecurity Schema Format
The OCSF looks to standardize and normalize the data that cybersecurity tools generate with the goal of making them work better together.

6 best practices for blue team success
Every stakeholder, from the CISO to even the red team, wants the blue team to succeed against simulated cyberattacks. Sticking to this advice will help make that happen.

Vulnerability eXploitability Exchange explained: How VEX makes SBOMs actionable
VEX adds context to software vulnerabilities to better inform risk assessment decisions.

SBOM formats SPDX and CycloneDX compared
Understanding the differences between these widely used software bill of materials format standards is important, but your tools will likely need to support both.

How OpenSSF Scorecards can help to evaluate open-source software risks
Scorecards automatically generates a score for open-source projects based on potential vulnerabilities and their dependencies.

Breaking down CIS's new software supply chain security guidance
The Center for Internet Security offers best practices for securing each phase of the software supply chain.

Understanding your API attack surface: How to get started
Attackers are targeting APIs with great success. Here's how to begin assessing your API attack surface and minimize your risk.

Key takeaways from CSA’s SaaS Governance Best Practices guide
Security and governance policies and practices are failing to keep up with the growth of SaaS usage. The Cloud Security Alliance's guidance aims to get that back on track.