The Technology Modernization Fund (TMF) was enacted as part of the Modernizing Government Technology Act of 2017, with a goal of better securing sensitive Federal systems and data while utilizing taxpayer dollars as efficiently as possible. Earlier this year, the American Rescue Plan Act added $1 Billion dollars to the program. These funds can help agencies (Civilian, DoD, and the Intelligence Community) modernize systems, expand cybersecurity...

The (ISC)² Certified Cloud Security Professional (CCSP) credential to ensures that cloud security professionals have the required knowledge, skills, and abilities in cloud security design, implementation, architecture, operations, controls, and compliance with regulatory frameworks. The CCSP OnDemand is a self-paced learning solution that covers the 6 domains of the CCSP Common Body of Knowledge (CBK) in order to study for the CCSP examin...

The federal government is dedicated to advancing U.S. leadership in the research, development and use of artificial intelligence (AI), to promote both national security and economic prosperity. Using AI to improve cybersecurity is a logical target for its implementation. It is especially important as the threat landscape continues to evolve. The World Economic Forum (WEF) reports that about 1.7 billion IoT devices have been installed to date i...

We invite you to watch our webinar that occurred on May 24th, which aimed to provide solutions to the challenges posed by implementing current mandates, executive orders, and the new cybersecurity strategy. Navigating the complexities of implementing these measures can be a daunting task, and we at Veracode understand the difficulties faced by government agencies. Our esteemed panelists, Sam King, Chris Wysopal, and John Zangardi, are industry...

Public sector organizations wisely invested in Intrusion Detection Systems (IDS) to meet security requirements sufficient for the perimeter-based cyber threats of the time. However, today’s threat landscape is growing more complex and nefarious. As the urgency grows to combat modern advanced threats by adopting a Zero Trust security framework, public sector security teams find that standalone legacy IDS comes up short. Others may not yet...

The rise of cyber attacks signals the current approach to security isn’t working, and the industry must make a radical shift to ensure protection of its most important asset – data. Enter Zero Trust. A defined roadmap and lack of cohesive security solutions places the burden of technology integration and partner orchestration on the customer. This results in organizations implementing a self-defined approach made up of an assortme...

Zero Trust Architectures have become a focal point for the US Government in their efforts to improve the nation’s cybersecurity posture. Traditionally providing secure access to applications, including those hosted in the cloud, has forced agencies to make arduous compromises. They’ve needed to either sacrifice security for performance when bypassing security inspection, or performance for security by routing traffic through massiv...

Ever since the dawn of the internet, its usefulness lies in the data it handles, whether moving it, storing it, or calculating with it. As a result, just as Willie Horton once said he robbed banks because “that’s where the money is,” many of today’s cyber bad actors target agencies’ data because they can monetize it. As a result, cybersecurity is akin to the 20th century Cold War. On the one hand, bad actors ...

Cybercrime is evolving at the speed of innovation, sometimes outpacing the progress of cybersecurity. Cybercrime often has the advantage as it is highly motivated and not bound by the many required compliance and regulatory mandates that businesses face. Threat intelligence can be a useful ally, enriching the process of audit and assessment, and providing proof of security controls and policy enforcement that is required for security and comp...

In the last three years, the number of released cybersecurity mandates has doubled. From EO 14028, to BOD 23-01, 02, and (likely soon) 03, not to mention M-21-31 and M-22-09, these mandates are rarely backed with funding or staffing to help meet the reporting requirements. Rarely do agencies have the tools to report outcomes easily and in a trustworthy way. The result? Many agency CISOs and CIOs are left to fulfill an onslaught of mandates wi...