Chris Hughes

Chris Hughes currently serves as the co-founder and CISO of Aquia. Chris has nearly 20 years of IT/cybersecurity experience, including active duty time with the U.S. Air Force, time as a civil servant with the U.S. Navy and General Services Administration (GSA)/FedRAMP, and time as a consultant in the private sector. He is also an adjunct professor for M.S. cybersecurity programs at Capitol Technology University and University of Maryland Global Campus. Chris participates in industry working groups such as the Cloud Security Alliance's Incident Response Working Group and serves as the membership chair for Cloud Security Alliance D.C. Chris also co-hosts the Resilient Cyber Podcast. He holds various industry certifications such as the CISSP/CCSP from ISC2, as well as both the AWS and Azure security certifications. He regularly consults with IT and cybersecurity leaders from various industries to assist their organizations with their cloud migration journeys while keeping security a core component of that transformation.

IDaaS explained: How it compares to IAM

MITRE ATT&CK v11 adds ICS matrix, sub-techniques for mobile threats

The latest version of the MITRE ATT&CK Framework addresses two of the most pressing threat-actor targets: mobile devices and industrial control systems.

New SDP 2.0 specification facilitates zero-trust maturity

The Cloud Security Alliance's Software-Defined Perimeter 2.0 specification creates a path to a zero-trust approach through strong access controls.

Managing container vulnerability risks: Tools and best practices

The sooner you can identify vulnerabilities in containers, the better, and this advice on practices and tools can help.

Keeping secrets in a devsecops cloud-native world

Good secrets management practices can help identify and mitigate the risk to credentials, access keys, certificates and other sensitive data.

8 takeaways for CISOs from the NSTAC zero-trust report

The zero-trust recommendations for federal agencies from the National Security Telecommunications Advisory Committee apply well to the private sector, too.

3 steps to supply chain resilience

Malicious actors are targeting your third- and fourth-party vendors, causing supply chain disruption and risk to your own network. Mitigate that risk by taking these actions.

4 security concerns for low-code and no-code development

Low code does not mean low risk. By allowing more people in an enterprise to develop applications, low-code development creates new vulnerabilities and can hide problems from security.

NIST's new cyber-resiliency guidance: 3 steps for getting started

The updated guidance provides goals and practical implementation advice, giving organizations a place to start with their cyber-resiliency efforts.

Using the NIST Cybersecurity Framework to address organizational risk

NIST's CSF, used with other guidance, can help map risk to actual threats and better comply with security mandates such as the U.S.'s cybersecurity executive order.

The 7 CIS controls you should implement first

The CIS Critical Security Controls list (formerly the SANS Top 20 controls) has been the gold standard for security defense advice. These are the tasks you should do first.

A security practitioner's take on CISA’s Incident and Vulnerability Response Playbooks

The new CISA playbooks provide sound guidance on incident and vulnerability response, but mainly from a process perspective.
