Chris Hughes

Chris Hughes currently serves as the co-founder and CISO of Aquia. Chris has nearly 20 years of IT/cybersecurity experience, ranging from active-duty time with the U.S. Air Force and civil-service roles with the U.S. Navy and the General Services Administration (GSA)/FedRAMP to consulting work in the private sector. In addition, he is an adjunct professor for M.S. cybersecurity programs at Capitol Technology University and University of Maryland Global Campus. Chris also participates in industry working groups such as the Cloud Security Alliance's Incident Response Working Group and serves as the membership chair for Cloud Security Alliance D.C. Chris also co-hosts the Resilient Cyber Podcast. He holds various industry certifications, such as the CISSP and CCSP from ISC2, as well as both the AWS and Azure security certifications. He regularly consults with IT and cybersecurity leaders from various industries to assist their organizations with their cloud migration journeys while keeping security a core component of that transformation.

Sigstore explained: How it helps secure the software supply chain

The free sigstore signing service helps developers establish provenance and integrity of open-source software.

The Open Source Software Security Mobilization Plan: Takeaways for security leaders

The plan from the Linux Foundation and OpenSSF presents three goals to improve open-source software security during development and more effectively address vulnerabilities.

IDaaS explained: How it compares to IAM

IDaaS is a cloud-based consumption model for IAM. It offers cost, scalability, and other advantages, but it also comes with its own risks.

MITRE ATT&CK v11 adds ICS matrix, sub-techniques for mobile threats

The latest version of the MITRE ATT&CK Framework addresses two of the most pressing threat-actor targets: mobile devices and industrial control systems.

New SDP 2.0 specification facilitates zero-trust maturity

The Cloud Security Alliance's Software-Defined Perimeter 2.0 specification creates a path to a zero-trust approach through strong access controls.

Managing container vulnerability risks: Tools and best practices

The sooner you can identify vulnerabilities in containers, the better, and this advice on practices and tools can help.

Keeping secrets in a devsecops cloud-native world

Good secrets management practices can help identify and mitigate the risk to credentials, access keys, certificates and other sensitive data.

8 takeaways for CISOs from the NSTAC zero-trust report

The zero-trust recommendations for federal agencies from the National Security Telecommunications Advisory Committee apply well to the private sector, too.

3 steps to supply chain resilience

Malicious actors are targeting your third- and fourth-party vendors, causing supply chain disruption and risk to your own network. Mitigate that risk by taking these actions.

4 security concerns for low-code and no-code development

Low code does not mean low risk. By allowing more people in an enterprise to develop applications, low-code development creates new vulnerabilities and can hide problems from security.

NIST's new cyber-resiliency guidance: 3 steps for getting started

The updated guidance provides goals and practical implementation advice, giving organizations a place to start with their cyber-resiliency efforts.

Using the NIST Cybersecurity Framework to address organizational risk

NIST's CSF, used with other guidance, can help map risk to actual threats and better comply with security mandates such as the U.S.'s cybersecurity executive order.

The 7 CIS controls you should implement first

The CIS Critical Security Controls list (formerly the SANS Top 20 controls) has been the gold standard for security defense advice. These are the tasks you should do first.

A security practitioner's take on CISA’s Incident and Vulnerability Response Playbooks

The new CISA playbooks provide sound guidance on incident and vulnerability response, but mainly from a process perspective.

6 key points of the new CISA/NSA 5G cloud security guidance

The security guidance focuses on zero-trust concepts as the US agencies anticipate growth of 5G networks.

The 3 biggest challenges of SASE in hybrid cloud environments

Tool sprawl, inadequate cooperation between network and security teams, or lack of trust can derail SASE adoption in hybrid cloud environments.

How software reliability can help drive software security

Adopting both devsecops and site reliability engineering concepts increases software availability and security by improving stability and shortening time to implement fixes.

NIST's new devsecops guidance to aid transition to cloud-native apps

The NIST guidance dives into technical and procedural nuances associated with implementing devsecops with cloud-native applications and microservices architectures.

CISA's Cloud Security Technical Reference Architecture: Where it succeeds and where it falls short

CISA's reference architecture will help federal government agencies improve cloud security, but it relies too much on outdated guidance.

The case for a SaaS bill of material

A SaaSBOM will provide greater visibility into the components of cloud-based software infrastructure. This proposal shows how to begin to develop one.
