Chris Hughes

Chris Hughes currently serves as the co-founder and CISO of Aquia. Chris has nearly 20 years of IT/cybersecurity experience. This ranges from active duty time with the U.S. Air Force, a civil servant with the U.S. Navy and General Services Administration (GSA)/FedRAMP as well as time as a consultant in the private sector. In addition, he also is an adjunct professor for M.S. cybersecurity programs at Capitol Technology University and University of Maryland Global Campus. Chris also participates in industry working groups such as the Cloud Security Alliances Incident Response Working Group and serves as the membership chair for Cloud Security Alliance D.C. Chris also co-hosts the Resilient Cyber Podcast. He holds various industry certifications such as the CISSP/CCSP from ISC2 as holding both the AWS and Azure security certifications. He regularly consults with IT and cybersecurity leaders from various industries to assist their organizations with their cloud migration journeys while keeping security a core component of that transformation.

EPSS explained: How does it compare to CVSS?

The OSPO – the front line for secure open-source software supply chain governance

The OSPO – the front line for secure open-source software supply chain governance

An open-source program office (OSPO) can act as both gatekeeper and evangelist in an organization’s struggle to ensure ubiquitous open-source components – incredibly useful but vulnerable to bad actors and misuse – are deployed safely...

U.S. government issues guidance for developers to secure the software supply chain: Key takeaways

U.S. government issues guidance for developers to secure the software supply chain: Key takeaways

The U.S. NSA, CISA and ODNI created the Securing the Software Supply Chain guide to focus on the software development lifecycle.

Key takeaways from the Open Cybersecurity Schema Format

Key takeaways from the Open Cybersecurity Schema Format

The OCSF looks to standardize and normalize the data that cybersecurity tools generate with the goal of making them work better together.

6 best practices for blue team success

6 best practices for blue team success

Every stakeholder, from the CISO to even the red team, wants the blue team to succeed against simulated cyberattacks. Sticking to this advice will help make that happen.

Vulnerability eXploitability Exchange explained: How VEX makes SBOMs actionable

Vulnerability eXploitability Exchange explained: How VEX makes SBOMs actionable

VEX adds context to software vulnerabilities to better inform risk assessment decisions.

SBOM formats SPDX and CycloneDX compared

SBOM formats SPDX and CycloneDX compared

Understanding the differences between these widely used software bill of materials format standards is important, but your tools will likely need to support both.

How OpenSSF Scorecards can help to evaluate open-source software risks

How OpenSSF Scorecards can help to evaluate open-source software risks

Scorecards automatically generates a score for open-source projects based on potential vulnerabilities and dependencies.

Breaking down CIS's new software supply chain security guidance

Breaking down CIS's new software supply chain security guidance

The Center for Internet Security offers best practices for securing each phase of the software supply chain.

Understanding your API attack surface: How to get started

Understanding your API attack surface: How to get started

Attackers are targeting APIs with great success. Here's how to begin assessing your API attack surface and minimize your risk.

Key takeaways from CSA’s SaaS Governance Best Practices guide

Key takeaways from CSA’s SaaS Governance Best Practices guide

Security and governance policies and practices are failing to keep up with the growth of SaaS usage. The Cloud Security Alliance's guidance aims to get that back on track.

How the Secure Software Factory Reference Architecture protects the software supply chain

How the Secure Software Factory Reference Architecture protects the software supply chain

This breakdown of the Cloud Native Computing Foundation's secure software factory guidance focuses on software provenance and build activities.

Load More