Americas

  • United States

Asia

Europe

Oceania

Popular Topics

Topics

About

Policies

Our Network

More

HomeCommunityChris Hughes

Chris Hughes

  • Image
    Contributing Writer
    Chris Hughes currently serves as the co-founder and CISO of Aquia. Chris has nearly 20 years of IT/cybersecurity experience. This ranges from active duty time with the U.S. Air Force, a civil servant with the U.S. Navy and General Services Administration (GSA)/FedRAMP as well as time as a consultant in the private sector. In addition, he also is an adjunct professor for M.S. cybersecurity programs at Capitol Technology University and University of Maryland Global Campus. Chris also participates in industry working groups such as the Cloud Security Alliances Incident Response Working Group and serves as the membership chair for Cloud Security Alliance D.C. Chris also co-hosts the Resilient Cyber Podcast. He holds various industry certifications such as the CISSP/CCSP from ISC2 as holding both the AWS and Azure security certifications. He regularly consults with IT and cybersecurity leaders from various industries to assist their organizations with their cloud migration journeys while keeping security a core component of that transformation.

Articles by Chris Hughes

feature

Understanding OWASP’s Bill of Material Maturity Model: Not all SBOMs are created equal

The push to create more detailed, reliable, and mature BOMs with sufficient detail and depth to counter supply chain attacks continues to advance with the latest OWASP model.

By Chris Hughes
Nov 15, 2023 9 mins
DevSecOps Software Deployment Supply Chain
feature

NIST provides solid guidance on software supply chain security in DevSecOps

By Chris Hughes
Oct 19, 2023 9 mins
DevSecOps Supply Chain Security Practices
feature

Key findings from the CISA 2022 Top Routinely Exploited Vulnerabilities report

By Chris Hughes
Sep 21, 2023 8 mins
Zero Trust Threat and Vulnerability Management Security Practices
feature

Will CVSS 4.0 be a vulnerability-scoring breakthrough or is it broken?

The soon-to-be-released scoring system update has promise, but challenges remain for it to deliver exactly what CISOs need to get ahead of the latest vulnerabilities.

By Chris Hughes
Aug 07, 2023 8 mins
Threat and Vulnerability Management ROI and Metrics Vulnerabilities
feature

How EPSS 3.0 is an improvement over previous versions of the threat assessment system

The third iteration of the Exploit Prediction Scoring System helps security teams prioritize vulnerabilities through prediction.

By Chris Hughes
Jul 11, 2023 7 mins
Advanced Persistent Threats Threat and Vulnerability Management Security
feature

Embracing zero-trust: a look at the NSA’s recommended IAM best practices for administrators

The US National Security Agency and CISA have published a set of guidelines to help secure systems from access- and identity-based threats. Here’s what to look for in this wide-ranging document.

By Chris Hughes
Apr 26, 2023 8 mins
Zero Trust Government Data and Information Security
how-to

Best practices for protecting AWS RDS and other cloud databases

The Relational Database Service from AWS can help streamline a host of cloud storage operations, but maintaining security requires some attention on the part of the user. Here are some best practices for using RDS.

By Chris Hughes
Mar 27, 2023 6 mins
Amazon Web Services Cloud Security Data and Information Security
feature

EPSS explained: How does it compare to CVSS?

The Exploit Prediction Scoring System has its shortcomings, but it can complement CVSS to help better prioritize and assess vulnerability risk.

By Chris Hughes
Nov 24, 2022 7 mins
Threat and Vulnerability Management Risk Management
feature

The OSPO – the front line for secure open-source software supply chain governance

An open-source program office (OSPO) can act as both gatekeeper and evangelist in an organization’s struggle to ensure ubiquitous open-source components – incredibly useful but vulnerable to bad actors and misuse – are deployed safe

By Chris Hughes
Nov 01, 2022 6 mins
DevSecOps Application Security Open Source
feature

U.S. government issues guidance for developers to secure the software supply chain: Key takeaways

The U.S. NSA, CISA and ODNI created the Securing the Software Supply Chain guide to focus on the software development lifecycle.

By Chris Hughes
Sep 15, 2022 8 mins
DevSecOps Application Security Open Source

Show me more

feature

How cybersecurity teams should prepare for geopolitical crisis spillover

By Christopher Whyte
Dec 05, 202312 mins
Advanced Persistent ThreatsAdvanced Persistent ThreatsAdvanced Persistent Threats
Image
news analysis

P2Pinfect Redis worm targets IoT with version for MIPS devices

By Lucian Constantin
Dec 04, 20235 mins
BotnetsHacker GroupsSecurity Practices
Image
news

Hackers book profit by scamming Booking.com customers

By Gagandeep Kaur
Dec 04, 20234 mins
Cyberattacks
Image
podcast

CSO Executive Sessions Australia with Sunil Sale, CISO at MinterEllison

Nov 20, 202315 mins
CSO and CISO
Image
podcast

CSO Executive Sessions Australia with Robbie Whittome, CISO at Curtin University

Oct 16, 202315 mins
CSO and CISO
Image
podcast

CSO Executive Sessions / ASEAN: Cisco's Anthony Grieco on opportunities in Southeast Asia's cybersecurity landscape

Oct 10, 202316 mins
CSO and CISO
Image
video

CSO Executive Sessions Australia with Sunil Sale, CISO at MinterEllison

Nov 20, 202315 mins
CSO and CISO
Image
video

AI and Cybersecurity: Speed Bumps, Training, and Communication

Nov 06, 202317 mins
CyberattacksGenerative AI
Image
video

CSO Executive Sessions Australia with Robbie Whittome

Oct 16, 202315 mins
CSO and CISO
Image