Americas

Asia

Europe

Oceania

Popular Topics

Topics

About

Policies

Our Network

More

Chris Hughes

  • Image
    Contributing Writer
    Chris Hughes currently serves as the co-founder and CISO of Aquia. Chris has nearly 20 years of IT/cybersecurity experience. This ranges from active duty time with the U.S. Air Force, a civil servant with the U.S. Navy and General Services Administration (GSA)/FedRAMP as well as time as a consultant in the private sector. In addition, he also is an adjunct professor for M.S. cybersecurity programs at Capitol Technology University and University of Maryland Global Campus. Chris also participates in industry working groups such as the Cloud Security Alliances Incident Response Working Group and serves as the membership chair for Cloud Security Alliance D.C. Chris also co-hosts the Resilient Cyber Podcast. He holds various industry certifications such as the CISSP/CCSP from ISC2 as holding both the AWS and Azure security certifications. He regularly consults with IT and cybersecurity leaders from various industries to assist their organizations with their cloud migration journeys while keeping security a core component of that transformation.

Articles by Chris Hughes

Filter by
All
English
German
feature

Understanding OWASP’s Top 10 list of non-human identity critical risks

Non-human identities represent a vast chunk of credentials used by a typical organization, up to 50 times higher than the number of human identities. Here is an explanation of OWASP’s new Top 10 guide to securing NHIs.

By Chris Hughes
20 Feb 2025 13 mins
Data and Information Security Identity and Access Management Risk Management
opinion

Why honeypots deserve a spot in your cybersecurity arsenal

By Chris Hughes
05 Feb 2025 6 mins
Advanced Persistent Threats Risk Management Security Practices
opinion

Secure by design vs by default – which software development concept is better?

By Chris Hughes
03 Jan 2025 11 mins
DevSecOps Development Approaches Security Practices
feature

Top 10 cybersecurity misconfigurations: Nail the setup to avoid attacks

Misconfigured cybersecurity products can be gateways to a breach – this guide from the NSA and CISA identifies key weak spots in software configuration that can be corrected.

By Chris Hughes
17 Dec 2024 10 mins
Configuration Management Security Practices Threat and Vulnerability Management
tip

GenAI-Security als Checkliste

Die OWASP-Checkliste für AI Cybersecurity und -Governance verspricht schnelle Unterstützung für Unternehmen, um generative KI sicher einzusetzen.

By Chris Hughes and Florian Maier
14 Nov 2024 9 mins
Generative AI
opinion

Kicking dependency: Why cybersecurity needs a better model for handling OSS vulnerabilities

Most organizations are still immature when it comes to identifying open-source dependencies that can usher in a host of problems when dealing with vulnerabilities.

By Chris Hughes
06 Nov 2024 11 mins
Security Software Supply Chain Threat and Vulnerability Management
feature

Want to know how the bad guys attack AI systems? MITRE’S ATLAS can show you

MITRE’s ATLAS threat landscape knowledge base for artificial intelligence is a comprehensive guide to the tactics and processes bad actors use to compromise and exploit AI systems.

By Chris Hughes
20 Sep 2024 12 mins
Data and Information Security Hacking Threat and Vulnerability Management
opinion

Application detection and response is the gap-bridging technology we need

There are many good reasons to embrace ADR as a security staple and a whole lot more why other technologies can’t address all the security needs of applications running out there in the wild.

By Chris Hughes
12 Sep 2024 7 mins
Application Security DevSecOps Endpoint Protection
how-to

3 key strategies for mitigating non-human identity risks

For every 1,000 human users, most networks have around 10,000 NHIs, and that can be a huge task to manage. Here are 3 fundamental areas to focus on when securing NHIs.

By Chris Hughes
22 Aug 2024 6 mins
Data and Information Security Identity and Access Management Risk Management
feature

Top 10 open source software security risks — and how to mitigate them

Open source software is the bedrock of modern software development, but it can also be a weak link in the software supply chain. Here are the biggest risks — and tips on how to safely use OSS components.

By Chris Hughes
12 Jul 2024 11 mins
Open Source Risk Management

Show me more

news

Linux, macOS users infected with malware posing as legitimate Go packages

By Shweta Sharma
07 Mar 20253 mins
MalwareSecurity
Image
feature

8 obstacles women still face when seeking a leadership role in IT

By Christina Wood
07 Mar 20258 mins
CareersIT Leadership
Image
feature

What is risk management? Quantifying and mitigating uncertainty

By Josh Fruhlinger
07 Mar 202510 mins
IT Governance FrameworksIT LeadershipRisk Management
Image
podcast

CSO Executive Sessions: How cybersecurity impacts company ratings - A fey factor for investors and consumers

12 Feb 202527 mins
Security
Image
podcast

CSO Executive Sessions: Guardians of the Games - How to keep the Olympics and other major events cyber safe

07 Aug 202417 mins
CSO and CISO
Image
podcast

CSO Executive Session India with Dr Susil Kumar Meher, Head Health IT, AIIMS (New Delhi)

17 Jul 202417 mins
CSO and CISO
Image
video

CSO Executive Sessions: How cybersecurity impacts company ratings - A fey factor for investors and consumers

12 Feb 202527 mins
Security
Image
video

CSO Executive Sessions: How should software solution providers keep themselves and their enterprise clients safe?

26 Jan 202518 mins
Security
Image
video

CSO Executive Sessions: Open Source Institute’s Eric Nguyen on supply chain risks to critical infrastructure (Part 2)

14 Nov 202415 mins
Critical InfrastructureIT GovernanceSupply Chain
Image