Chris Hughes

Chris Hughes currently serves as the co-founder and CISO of Aquia. Chris has nearly 20 years of IT/cybersecurity experience, ranging from active duty time with the U.S. Air Force and civil service with the U.S. Navy and General Services Administration (GSA)/FedRAMP to time as a consultant in the private sector. In addition, he is an adjunct professor for M.S. cybersecurity programs at Capitol Technology University and University of Maryland Global Campus. Chris also participates in industry working groups such as the Cloud Security Alliance's Incident Response Working Group and serves as the membership chair for Cloud Security Alliance D.C. Chris also co-hosts the Resilient Cyber Podcast. He holds various industry certifications such as the CISSP/CCSP from ISC2, as well as both the AWS and Azure security certifications. He regularly consults with IT and cybersecurity leaders from various industries to assist their organizations with their cloud migration journeys while keeping security a core component of that transformation.

A security practitioner's take on CISA’s Incident and Vulnerability Response Playbooks

6 key points of the new CISA/NSA 5G cloud security guidance

The security guidance focuses on zero-trust concepts as the US agencies anticipate growth of 5G networks.

The 3 biggest challenges of SASE in hybrid cloud environments

Tool sprawl, inadequate cooperation between network and security teams, or lack of trust can derail SASE adoption in hybrid cloud environments.

How software reliability can help drive software security

Adopting both devsecops and site reliability engineering concepts increases software availability and security by improving stability and shortening time to implement fixes.

NIST's new devsecops guidance to aid transition to cloud-native apps

The NIST guidance dives into technical and procedural nuances associated with implementing devsecops with cloud-native applications and microservices architectures.

CISA's Cloud Security Technical Reference Architecture: Where it succeeds and where it falls short

CISA's reference architecture will help federal government agencies improve cloud security, but it relies too much on outdated guidance.

The case for a SaaS bill of material

A SaaSBOM will provide greater visibility into the components of cloud-based software infrastructure. This proposal shows how to begin to develop one.

NTLM relay attacks explained, and why PetitPotam is the most dangerous

Attackers can intercept legitimate Active Directory authentication requests to gain access to systems. A PetitPotam attack could allow takeover of entire Windows domains.

Kubernetes hardening: Drilling down on the NSA/CISA guidance

The new guidance gives a solid foundation for hardening Kubernetes container environments. These are its key components and why they are important.

Why you need a SaaS governance plan, and what should be in it

The rapid proliferation of authorized and unauthorized software-as-a-service solutions presents significant security risks. Now is the time for a strategy to manage those risks.

7 tenets of zero trust explained

Cut through the hype. NIST's core zero trust elements provide a practical framework around which to build a zero trust architecture.

Securing infrastructure as code: Perils and best practices

Some organizations are leaving themselves vulnerable when they adopt an infrastructure-as-code approach. Here's how to avoid misconfigurations and insecure templates.
