<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Uncategorized &#8211; TELEGRID</title>
	<atom:link href="https://telegrid.com/category/uncategorized/feed" rel="self" type="application/rss+xml" />
	<link>https://telegrid.com</link>
	<description></description>
	<lastBuildDate>Tue, 03 Mar 2020 21:29:44 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=5.6.13</generator>

<image>
	<url>https://telegrid.com/wp-content/uploads/2022/09/cropped-Screen-Shot-2022-08-29-at-9.50.37-AM-32x32.png</url>
	<title>Uncategorized &#8211; TELEGRID</title>
	<link>https://telegrid.com</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>Using AI to Identify the Resistance</title>
		<link>https://telegrid.com/using-ai-identify-resistance?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=using-ai-identify-resistance</link>
		
		<dc:creator><![CDATA[Eric Sharret]]></dc:creator>
		<pubDate>Fri, 12 Oct 2018 16:14:31 +0000</pubDate>
				<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://telegrid.com/?p=2192</guid>

					<description><![CDATA[<p>Last month the New York Times published a now famous op-ed from someone within President Trump’s administration.  The piece led to a hunt for the “member of the resistance” and denials by major political figures.  &#8230;</p>
<p>The post <a rel="nofollow" href="https://telegrid.com/using-ai-identify-resistance">Using AI to Identify the Resistance</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p><img loading="lazy" class="alignnone size-full wp-image-2193" src="https://telegrid.com/wp-content/uploads/2018/10/Resistance.jpg" alt="" width="700" height="400" srcset="https://telegrid.com/wp-content/uploads/2018/10/Resistance.jpg 700w, https://telegrid.com/wp-content/uploads/2018/10/Resistance-300x171.jpg 300w" sizes="(max-width: 700px) 100vw, 700px" /></p>
<p>Last month the New York Times published a now famous <a href="https://www.nytimes.com/2018/09/05/opinion/trump-white-house-anonymous-resistance.html">op-ed</a> from someone within President Trump’s administration.  The piece led to a hunt for the “member of the resistance” and denials by major political figures.  Watching this unfold I began to wonder whether Artificial Intelligence could have identified the author.  I have applied machine learning to all sorts of pattern recognition problems and this seemed like just another example.</p>
<p>TELEGRID is a market leader in the field of behavioral biometrics which includes voice recognition.  Voice recognition utilizes subtle nuances in a user’s speech pattern to perform user verification or identification.  This field is widely researched and several technologies have made their way into commercial products.  For instance, last year, Amazon announced that Alexa could <a href="https://www.zdnet.com/article/amazons-alexa-can-now-recognise-different-voices/">differentiate between voices</a>.</p>
<p>If we can perform speaker identification then author identification is not a big leap.  Handwriting recognition, which uses optical character recognition, has also been around for a long time and is used widely in the banking industry for signature verification.</p>
<p>But what about text that is not handwritten, is there enough difference in authors’ styles to identify them?</p>
<p>Stylometry is the identification of linguistic style in written language.  While around for hundreds of years, it was not until 1964 that <a href="https://www.press.uchicago.edu/ucp/books/book/distributed/I/bo5667096.html">Mosteller and Wallace</a> applied statistical modeling to identify the authors of the Federalist Papers.  This began the application of machine learning to author identification of other classic literature and even <a href="https://www.aaai.org/ocs/index.php/FLAIRS/FLAIRS13/paper/viewFile/5917/6043">tweets</a>.</p>
<p>The results of this research have been positive but the lack of a valid business case has limited the technology’s penetration.  For instance while it might be interesting to find out if someone forged their college essay, it is doubtful that Universities will pay for it.  One potential market is artist verification for auction houses.  While not linguistic, perhaps this will be the market that helps the development of author identification.</p>
<p>&nbsp;</p>
<p>Eric Sharret is Vice President of Business Development at TELEGRID.  TELEGRID has unique expertise in secure authentication, behavioral biometrics, PKI, Multi-Factor Authentication, and secure embedded systems.</p>
<p>&nbsp;</p>
<p>Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc.  The Company will not be held liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use.  All information is provided on an as-is basis.</p>
<p>The post <a rel="nofollow" href="https://telegrid.com/using-ai-identify-resistance">Using AI to Identify the Resistance</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Machine Learning Marketing: Ignore Size</title>
		<link>https://telegrid.com/machine-learning-marketing-ignore-size?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=machine-learning-marketing-ignore-size</link>
		
		<dc:creator><![CDATA[Eric Sharret]]></dc:creator>
		<pubDate>Thu, 28 Jun 2018 19:50:06 +0000</pubDate>
				<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://telegrid.com/?p=1875</guid>

					<description><![CDATA[<p>TELEGRID uses Machine Learning in many of its products specifically behavioral biometrics for user authentication.  I personally spend countless hours researching Machine Learning and performing market analysis.  Doing so I have noticed a troubling trend &#8230;</p>
<p>The post <a rel="nofollow" href="https://telegrid.com/machine-learning-marketing-ignore-size">Machine Learning Marketing: Ignore Size</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>TELEGRID uses Machine Learning in many of its products, specifically behavioral biometrics for user <a href="https://telegrid.com/smrte-unified-authentication">authentication</a>.  I personally spend countless hours researching Machine Learning and performing market analysis.  Doing so I have noticed a troubling trend in Machine Learning marketing whereby size is being promoted as the ultimate differentiator.  I believe this ignores the math behind Machine Learning and so I decided to focus this post on helping consumers ask the right questions.</p>
<p style="text-align: center;"><strong>My Data Set is Bigger </strong></p>
<p>Recently a team at the University of Manchester released a <a href="https://gizmodo.com/this-ai-knows-who-you-are-by-the-way-you-walk-1826368997">study</a> about a system that identifies users by the way they walk.  The system uses pressure pads on the floor and a high-res camera to authenticate users based on their footsteps.   The article states that the team “compiled a database consisting of 20,000 footstep signals from more than 120 individuals.  It’s now the largest footsteps database in existence.”  I would love to hear the debate between this researcher and the researcher who has the second largest footsteps database in existence.</p>
<p>I understand the importance of having a large data set to cross validate and test an algorithm but Machine Learning marketing should be focused on the algorithm and not the data set size.  For instance with algorithms that suffer from high bias (AKA underfitting), the size of the data set will not have much of an impact.  Additionally certain algorithms (e.g., Support Vector Machines) can be very slow if the data set is too large.  If the speed of your Machine Learning system is important this should matter to you.</p>
<p style="text-align: center;"><strong>My Feature Set is Bigger </strong></p>
<p>In Machine Learning features are used to predict an outcome.  For user authentication features include motion sensor data, keyboard clicking rhythm, GPS location, etc.  I recently saw an advertisement for a Machine Learning system that claimed its algorithm was the best because it used 1,000 features.</p>
<p>This Machine Learning marketing was claiming that the higher the number of features the better the quality of the Machine Learning algorithm.  However, if your algorithm suffers from high variance (AKA overfitting) the number of features should be reduced not increased.  Additionally, performing linear algebra functions on matrices with a high number of features can consume valuable resources.  This is an issue for Machine Learning systems that are designed to run on low power and low compute devices like mobile devices.</p>
<p style="text-align: center;"><strong>My Number of Iterations is Bigger </strong></p>
<p>Researchers often base the superiority of their prediction on the number of times the underlying algorithm was run.  For instance, a recent <a href="https://www.technologyreview.com/s/611397/machine-learning-predicts-world-cup-winner/">study</a> on the World Cup found that Germany had a 12.8% chance of winning.  As the Machine Learning marketing clearly shows, the support for this prediction was the fact that the algorithm was run 100,000 times.  Despite the number of iterations, Germany crashed out in the first round.  Now you can blame the algorithm, the human element or simply the fact that the study was performed by German researchers and was therefore biased from the start.  One thing is clear though: the number of iterations had little impact on the accuracy of this Machine Learning algorithm.</p>
<p>I believe the lesson from these examples is that we must cut through size-based Machine Learning marketing and challenge developers to justify their choices.  You wouldn’t select a software package simply because it was written by 10,000 engineers would you?  We should ask developers why they picked specific features.  Are all the selected features necessary or is the correlation high enough so that a few can be removed?  How is the large data set being used to improve the algorithm?  Also, how will the algorithm design affect its performance on your specific hardware?</p>
<p>We need to refocus Machine Learning marketing away from size and instead towards justification of the Machine Learning model.</p>
<p>Eric Sharret is Vice President of Business Development at <a href="http://www.telegrid.com">TELEGRID</a>.  TELEGRID has unique expertise in secure authentication, PKI, Multi-Factor Authentication, and secure embedded systems.</p>
<p>&nbsp;</p>
<p>The post <a rel="nofollow" href="https://telegrid.com/machine-learning-marketing-ignore-size">Machine Learning Marketing: Ignore Size</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Getting Started with the Robot Operating System (ROS)</title>
		<link>https://telegrid.com/getting-started-robot-operating-system-ros?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=getting-started-robot-operating-system-ros</link>
		
		<dc:creator><![CDATA[Beth Flippo]]></dc:creator>
		<pubDate>Mon, 25 Jun 2018 13:32:43 +0000</pubDate>
				<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://telegrid.com/?p=1850</guid>

					<description><![CDATA[<p>When I first heard of the Robot Operating System (ROS) I thought it was just that &#8211; an operating system for robots.  Well I was wrong it is not an OS but rather an open-source &#8230;</p>
<p>The post <a rel="nofollow" href="https://telegrid.com/getting-started-robot-operating-system-ros">Getting Started with the Robot Operating System (ROS)</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>When I first heard of the Robot Operating System (ROS) I thought it was just that &#8211; an operating system for robots.  Well, I was wrong: it is not an OS but rather an open-source set of software libraries for writing software to control a robot’s behavior.  As with any open source software it encourages collaborative software development for robotics. ROS is essentially a framework and is currently supported on Ubuntu Linux and maintained by the Open Source Robotics Foundation.</p>
<p>In ROS a process is called a node and every node is responsible for one task. Nodes communicate with each other using messages passed through logical channels known as topics. Nodes can send data to or receive data from another node by publishing or subscribing to a topic.<img loading="lazy" class="alignnone wp-image-1852 aligncenter" src="https://telegrid.com/wp-content/uploads/2018/06/ros-300x115.jpg" alt="" width="376" height="144" srcset="https://telegrid.com/wp-content/uploads/2018/06/ros-300x115.jpg 300w, https://telegrid.com/wp-content/uploads/2018/06/ros.jpg 573w" sizes="(max-width: 376px) 100vw, 376px" /><em>Nodes and topics. Image adapted from a <a href="https://www.youtube.com/watch?v=bJB9tv4ThV4">tutorial </a>from <a href="https://homes.cs.washington.edu/~jstn/">Justin Huang</a>.</em></p>
<p>In order to start learning ROS you will need a robot.  For beginners, the best place to start is with a good affordable robot called the Turtlebot.  Turtlebot is the most affordable advanced ROS robot on the market.   It uses off-the-shelf consumer electronics like the Orbbec Astra Pro sensor, a standard netbook and a robot base built from a repurposed robot vacuum cleaner to keep costs low.</p>
<p>TurtleBot is a low-cost, personal robot kit with open-source software.  Turtlebot was designed in collaboration with the original makers of ROS, Willow Garage in 2010 and has since become the go-to software platform for roboticists around the world.</p>
<p><img loading="lazy" class=" wp-image-1854 alignleft" src="https://telegrid.com/wp-content/uploads/2018/06/turtlebot-300x180.png" alt="" width="442" height="265" srcset="https://telegrid.com/wp-content/uploads/2018/06/turtlebot-300x180.png 300w, https://telegrid.com/wp-content/uploads/2018/06/turtlebot-768x461.png 768w, https://telegrid.com/wp-content/uploads/2018/06/turtlebot.png 800w, https://telegrid.com/wp-content/uploads/2018/06/turtlebot-480x288.png 480w, https://telegrid.com/wp-content/uploads/2018/06/turtlebot-320x192.png 320w, https://telegrid.com/wp-content/uploads/2018/06/turtlebot-240x144.png 240w" sizes="(max-width: 442px) 100vw, 442px" /></p>
<p>A TurtleBot allows you to build a custom robot that can drive around as well as see in 3D.  You can create amazing applications and learn more about ROS.  As an entry level mobile robotics platform, TurtleBot has many of the same capabilities of the company’s larger robotics platforms, like PR2.</p>
<p>Still want to learn ROS without buying a robot?  Easy – robot simulation.  A robotics simulator is used to create applications for a physical robot without depending on the actual machine which saves time and money. In most cases these applications can be transferred onto the physical robot without modifications.</p>
<p><img loading="lazy" class=" wp-image-1857 alignright" src="https://telegrid.com/wp-content/uploads/2018/06/gazebo_grid-300x225.jpg" alt="" width="358" height="268" srcset="https://telegrid.com/wp-content/uploads/2018/06/gazebo_grid-300x225.jpg 300w, https://telegrid.com/wp-content/uploads/2018/06/gazebo_grid-768x576.jpg 768w, https://telegrid.com/wp-content/uploads/2018/06/gazebo_grid-1024x768.jpg 1024w, https://telegrid.com/wp-content/uploads/2018/06/gazebo_grid-960x720.jpg 960w, https://telegrid.com/wp-content/uploads/2018/06/gazebo_grid-480x360.jpg 480w, https://telegrid.com/wp-content/uploads/2018/06/gazebo_grid-320x240.jpg 320w, https://telegrid.com/wp-content/uploads/2018/06/gazebo_grid-240x180.jpg 240w" sizes="(max-width: 358px) 100vw, 358px" /></p>
<p>The Open Source Robotics Foundation (OSRF) provides a free and open source robot simulator called Gazebo.  Used by hobbyists and professionals alike, it lets you build models that act like real robots and move in their own world, ruled by its four state-of-the-art physics engines, the default being ODE (Open Dynamics Engine).</p>
<p>The ROS Foundation provides a free Turtlebot Simulator which allows you to learn ROS and write code that can be moved to a real Turtlebot robot.  You can be up and running in 15 minutes!</p>
<p>To learn more check out these links:</p>
<p><span style="text-decoration: underline;"><strong><a href="http://www.ros.org">www.ros.org </a></strong></span></p>
<p><span style="text-decoration: underline;"><strong><a href="http://gazebosim.org/">gazebosim.org/</a></strong></span></p>
<p><span style="text-decoration: underline;"><strong><a href="http://www.turtlebot.com">www.turtlebot.com</a></strong></span></p>
<p><a href="http://wiki.ros.org/turtlebot_gazebo"><span style="text-decoration: underline;"><strong>wiki.ros.org/turtlebot_gazebo</strong></span></a></p>
<p>&nbsp;</p>
<p>B</p>
<p>The post <a rel="nofollow" href="https://telegrid.com/getting-started-robot-operating-system-ros">Getting Started with the Robot Operating System (ROS)</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>THE B-HIVE: Cheap Software Defined Radio (SDR) Changes Everything!</title>
		<link>https://telegrid.com/cheap-software-defined-radio-sdr-changes-everything?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=cheap-software-defined-radio-sdr-changes-everything</link>
		
		<dc:creator><![CDATA[Beth Flippo]]></dc:creator>
		<pubDate>Mon, 18 Jun 2018 21:16:59 +0000</pubDate>
				<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://telegrid.com/?p=1815</guid>

					<description><![CDATA[<p>Growing up I had a friend who was into Amateur radio also known as Ham.  You could spot his house a mile away with the huge antenna on his roof.  Back then kids interested in &#8230;</p>
<p>The post <a rel="nofollow" href="https://telegrid.com/cheap-software-defined-radio-sdr-changes-everything">THE B-HIVE: Cheap Software Defined Radio (SDR) Changes Everything!</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p><img loading="lazy" class="size-medium wp-image-1818 alignright" src="https://telegrid.com/wp-content/uploads/2018/06/ham-300x225.jpg" alt="" width="300" height="225" srcset="https://telegrid.com/wp-content/uploads/2018/06/ham-300x225.jpg 300w, https://telegrid.com/wp-content/uploads/2018/06/ham-480x360.jpg 480w, https://telegrid.com/wp-content/uploads/2018/06/ham-320x240.jpg 320w, https://telegrid.com/wp-content/uploads/2018/06/ham-240x180.jpg 240w, https://telegrid.com/wp-content/uploads/2018/06/ham.jpg 710w" sizes="(max-width: 300px) 100vw, 300px" />Growing up I had a friend who was into Amateur radio also known as Ham.  You could spot his house a mile away with the huge antenna on his roof.  Back then kids interested in amateur radio joined a Ham Radio Club and were then relentlessly teased by their fellow classmates.</p>
<p>What we didn’t know then was that those kids were on the forefront of wireless communications which will become so important in the future.  They were communicating far and wide before cell phones were even a dream.</p>
<p>Ham radios communicate on a variety of radio frequencies that are allocated by the FCC for amateur use.  No license is required to purchase the equipment or to receive (listen); however, an FCC license is required to transmit on Amateur Radio frequencies in the USA.</p>
<p>Ham radios may operate from just above the AM broadcast band (1605 to 1705 kHz) to the microwave region in the GHz range with many ham bands found above the AM band to just above the citizens band (27 MHz). These bands are often referred to as short-wave bands which &#8220;bounce&#8221; off the ionosphere from the transmitter to the receiver&#8217;s antenna. The higher the frequency the &#8220;shorter&#8221; the wavelength.  This is different than FM radio and TV stations which use line-of-sight frequencies and are limited to 40 or 50 miles.</p>
<p>As a kid, I asked my Dad what it would take to get started in amateur radio and his response, <strong>money</strong>.</p>
<p>The equipment or “gear” for ham radio is expensive.  Radio components such as modulators, demodulators and tuners are traditionally implemented in hardware components which are expensive.</p>
<p>All that changed with the advent of modern computing and analog to digital converters which allowed most of these traditionally hardware-based components to be implemented in software.  This led to the creation of  what is now known as Software Defined Radio (SDR) which enables easy signal processing and the production of inexpensive wideband scanner radios.</p>
<p><img loading="lazy" class="alignnone size-medium wp-image-1827 alignleft" src="https://telegrid.com/wp-content/uploads/2018/06/rtl-sdr-new-225x300.png" alt="" width="225" height="300" srcset="https://telegrid.com/wp-content/uploads/2018/06/rtl-sdr-new-225x300.png 225w, https://telegrid.com/wp-content/uploads/2018/06/rtl-sdr-new.png 350w" sizes="(max-width: 225px) 100vw, 225px" />The introduction of SDR was originally limited mostly to military organizations but SDR was transformed with the introduction of the RTL-SDR (www.rtl-sdr.com), a $25 SDR USB dongle.</p>
<p>The RTL-SDR operates in the 500 kHz – 1766 MHz frequency range and connects to a PC or laptop via USB.  The open source software application SDR# can be used to display the measurable frequency spectrum and even demodulate FM radio so you can hear music.</p>
<p>Other inexpensive SDRs followed, including the HackRF (https://greatscottgadgets.com/hackrf/) which can operate up to 6 GHz.  It is considerably more expensive at $300 but higher frequencies require more expensive components.</p>
<p><img loading="lazy" class="size-medium wp-image-1823 alignright" src="https://telegrid.com/wp-content/uploads/2018/06/sdrapp-300x253.jpg" alt="" width="300" height="253" srcset="https://telegrid.com/wp-content/uploads/2018/06/sdrapp-300x253.jpg 300w, https://telegrid.com/wp-content/uploads/2018/06/sdrapp.jpg 603w" sizes="(max-width: 300px) 100vw, 300px" /></p>
<p>Now anyone on a budget, including hobbyists (like me) can access the radio spectrum. This type of scanner capability would have cost hundreds or even thousands of dollars just a few years ago.</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>So what can you do with SDR?  This list is just a few ideas from the rtl-sdr blog:</p>
<table>
<tbody>
<tr>
<td width="300">
<ul>
<li>Use as a police radio scanner.</li>
<li>Listening to EMS/Ambulance/Fire communications.</li>
<li>Listening to aircraft traffic control conversations.</li>
<li>Tracking aircraft positions like a radar with ADSB decoding.</li>
<li>Decoding aircraft ACARS short messages.</li>
<li>Scanning trunking radio conversations.</li>
<li>Decoding unencrypted digital voice transmissions such as P25/DMR/D-STAR.</li>
<li>Tracking maritime boat positions like a radar with AIS decoding.</li>
<li>Decoding POCSAG/FLEX pager traffic.</li>
<li>Scanning for cordless phones and baby monitors.</li>
</ul>
</td>
<td width="323">
<ul>
<li>Tracking and receiving meteorological agency launched weather balloon data.</li>
<li>Tracking your own self launched high altitude balloon for payload recovery.</li>
<li>Receiving wireless temperature sensors and wireless power meter sensors.</li>
<li>Listening to VHF amateur radio.</li>
<li>Decoding ham radio APRS packets.</li>
<li>Watching analogue broadcast TV.</li>
<li>Sniffing GSM signals.</li>
<li>Receiving NOAA weather satellite images.</li>
<li>Monitoring meteor scatter.</li>
<li>Listening to FM radio, and decoding RDS information.</li>
<li>Listening to the ISS (International Space Station).</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>So what is TELEGRID doing with them? We are creating exciting solutions for the US Military using this technology.  We just can’t talk about it here.  If you want more information or have a new, exciting idea that requires a custom RF solution, please give us a call at 973 994-4440 – <strong>we love to talk about RF</strong>!</p>
<p>Want to learn more?  Click on the following links:</p>
<p><span style="text-decoration: underline;"><strong><a href="http://www.arrl.org/clubs">http://www.arrl.org/clubs</a></strong></span></p>
<p><span style="text-decoration: underline;"><strong><a href="https://www.rtl-sdr.com">https://www.rtl-sdr.com</a></strong></span></p>
<p><span style="text-decoration: underline;"><strong><a href="https://greatscottgadgets.com/hackrf/">https://greatscottgadgets.com/hackrf/</a></strong></span></p>
<p><span style="text-decoration: underline;"><strong><a href="https://electronics.howstuffworks.com/ham-radio2.htm">https://electronics.howstuffworks.com/ham-radio2.htm</a></strong></span></p>
<p>&nbsp;</p>
<p>B</p>
<p>The post <a rel="nofollow" href="https://telegrid.com/cheap-software-defined-radio-sdr-changes-everything">THE B-HIVE: Cheap Software Defined Radio (SDR) Changes Everything!</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>THE B-HIVE: Hacking the CAN Bus</title>
		<link>https://telegrid.com/b-hive-hacking-can-bus?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=b-hive-hacking-can-bus</link>
		
		<dc:creator><![CDATA[Beth Flippo]]></dc:creator>
		<pubDate>Tue, 12 Jun 2018 16:04:07 +0000</pubDate>
				<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://telegrid.com/?p=1795</guid>

					<description><![CDATA[<p>Let’s face it, when it comes to hacks we have become, well, quite complacent.  We figure it is out of our control anyway and it’s not like we are going to go off grid. Right? &#8230;</p>
<p>The post <a rel="nofollow" href="https://telegrid.com/b-hive-hacking-can-bus">THE B-HIVE: Hacking the CAN Bus</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Let’s face it, when it comes to hacks we have become, well, quite complacent.  We figure it is out of our control anyway and it’s not like we are going to go off grid. Right? Besides, it’s just data, not like they can physically hurt us.</p>
<p><img loading="lazy" class="alignleft size-medium wp-image-1801" src="https://telegrid.com/wp-content/uploads/2018/06/jeep2.png" alt="" width="284" height="173" />I thought so too until I watched a 2014 video of Charlie Miller and Chris Valasek forcing a Jeep Cherokee to go off the highway into a ditch at full speed.  What’s the big deal?  THEY WEREN’T IN THE CAR!  They were driving behind the Jeep and were able to control it remotely. Scary.</p>
<p>How did they do it?  First, they hacked into the vehicle through an unsecure Wi-Fi connection – easy, unfortunately.</p>
<p>But how did they control the car?  By hacking the vehicle control network – the CAN Bus.</p>
<p>As cars became more advanced and offered more features the need for a common communication protocol emerged.   In 1983, a team at Bosch started developing the Controller Area Network (CAN) Bus to solve this complex problem.  New features including airbags, power steering, acceleration, braking, cruise control, audio components, power windows &amp; doors now had a standard way to communicate with each other.  These components connect directly to the CAN Bus through Electronic Control Units (ECUs) which primarily consist of microprocessors and sensors.  In simplest terms, the CAN bus is a network where any system in the car can send and receive commands, kind of like an electronic command center.</p>
<p>The original CAN Bus was designed at a time when the thought of hacking vehicle software or any software was a far-off thought.  It was so incredibly difficult to even write custom embedded code that the idea of someone hacking it was just crazy.  Well, here we are at crazy.</p>
<p>The implementation of the CAN bus also allowed car manufacturers to move forward with the On-Board Diagnostics (OBD) protocol standard, currently OBD-II. OBD-II offers a set of problem codes that can be easily interpreted by mechanics when trying to diagnose a problem. You can find the typical OBD port under the steering column.</p>
<p><img loading="lazy" class="alignleft size-full wp-image-1802" src="https://telegrid.com/wp-content/uploads/2018/06/module2.png" alt="" width="253" height="160" />All you need to buy is a CAN bus module – here’s one from Sparkfun.com (<a href="https://www.sparkfun.com/products/13262"><span style="text-decoration: underline;"><strong>https://www.sparkfun.com/products/13262</strong></span></a>).</p>
<p>Hook it up to your car’s OBD connector and a laptop and you can see all the information being transmitted on your car’s CAN bus.  Cool right?  But wait – Did it ask you to login?</p>
<p>Nope … and that’s where our problem begins.</p>
<p><img loading="lazy" class="alignright size-full wp-image-1798" src="https://telegrid.com/wp-content/uploads/2018/06/laptop.png" alt="" width="289" height="213" /></p>
<p>The CAN Bus has no security measures, period.  Messages are transmitted on the bus with only unique identifiers.  The lower the numerical value of the ID, the higher the message priority.  The problem is that there is no origination or destination indication transmitted with the message.  In a world of TCP/IP the idea that a message can be transmitted without knowing the sender is nuts!  This allows ANYONE to transmit messages on the bus with any ID at any time.</p>
<p><img loading="lazy" class="alignleft size-full wp-image-1797" src="https://telegrid.com/wp-content/uploads/2018/06/candata.png" alt="" width="299" height="249" />Lack of security leaves the CAN Bus susceptible to many different attack scenarios.  The easiest attack is a brute force attack where a hacker simply has to transmit high priority messages on the bus at such a high rate that the other messages can’t get through.  This will eventually immobilize the car and the driver.</p>
<p>The real danger, however,  is when a sophisticated hacker deciphers valid CAN Bus messages and is able to retransmit them at will which allows a hacker to gain control of the vehicle.  (This is also how self-driving cars work – but we will talk about that another time).</p>
<p>So what are we to do?  Many ideas have come up about how to implement security.  One method calls for adding authentication or encryption to the bus.  The issue with these types of methods is that they can introduce latency on the bus which will affect vehicle performance.  These methods also call for a network connection to a remote Certificate Authority (CA) and a central powerful processor which do not exist today.  These solutions probably will not happen without a complete vehicle network redesign which is a big deal.</p>
<p>Other methods include using Artificial Intelligence (AI) to identify “normal” CAN Bus behavior and then perform anomaly detection.  Again, this is a good method but requires a great deal of training to produce a behavioral model.  That means countless hours driving different “control” vehicles with different drivers in order to produce unique patterns.</p>
<p>My team at TELEGRID has a different approach that can identify a CAN Bus attacker without affecting vehicle performance or requiring long training periods.  We are currently working on this solution for US military vehicles and can’t discuss it here, so give us a call (973.994.4440) for more information.</p>
<p>Apparently one sure security method available today involves ensuring that the external Wi-Fi connections to the vehicle are secure.  After the initial Jeep hack, Chrysler secured the Wi-Fi connection that made the hack possible and issued a recall for all at-risk vehicles.  Problem solved?  Well, no, because a few years later Charlie and Chris were again able to hack into a Jeep vehicle even after the recall through a different open connection.  Sigh.</p>
<p>In the meantime, all we can do is hope that car manufacturers will put as much emphasis on vehicle security as they do on heated and cooled seats.</p>
<p>Want to learn more?  Check out these links:</p>
<p><span style="text-decoration: underline;"><strong><a href="http://illmatics.com/carhacking.html">http://illmatics.com/carhacking.html</a></strong></span></p>
<p><span style="text-decoration: underline;"><strong><a href="https://www.wired.com/2016/08/jeep-hackers-return-high-speed-steering-acceleration-hacks/">https://www.wired.com/2016/08/jeep-hackers-return-high-speed-steering-acceleration-hacks/</a></strong></span></p>
<p><span style="text-decoration: underline;"><strong><a href="https://medium.freecodecamp.org/hacking-cars-a-guide-tutorial-on-how-to-hack-a-car-5eafcfbbb7ec">https://medium.freecodecamp.org/hacking-cars-a-guide-tutorial-on-how-to-hack-a-car-5eafcfbbb7ec</a></strong></span></p>
<p>Thank you to the TELEGRID team for spending countless hours in the car listening to my country music and to Charlie Miller and Chris Valasek – not all super heroes wear capes.</p>
<p>Thanks for reading and that’s the buzz from the B-hive.</p>
<p>B</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>How to Protect Anonymity in Machine Learning</title>
		<link>https://telegrid.com/protect-anonymity-in-machine-learning?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=protect-anonymity-in-machine-learning</link>
		
		<dc:creator><![CDATA[Eric Sharret]]></dc:creator>
		<pubDate>Tue, 29 May 2018 14:03:26 +0000</pubDate>
				<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://telegrid.com/?p=1629</guid>

					<description><![CDATA[<p>The General Data Protection Regulation (GDPR) just went into effect in the European Union.  It is a law that is designed to protect the privacy of individuals by requiring explicit permission for data collection and &#8230;</p>
<p>The post <a rel="nofollow" href="https://telegrid.com/protect-anonymity-in-machine-learning">How to Protect Anonymity in Machine Learning</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>The General Data Protection Regulation (GDPR) just went into effect in the European Union.  It is a law that is designed to protect the privacy of individuals by requiring explicit permission for data collection and the enforcement of strict data usage policies.   Companies, specifically those that employ machine learning, have complained about the onerous regulation, claiming that their security practices already protect individual privacy. The problem is that some of these security methods, like employing subject anonymity, have been shown to fail. Luckily there is a new field called Differential Privacy which aims to protect anonymity in machine learning.</p>
<p>TELEGRID recently completed a review by an Institutional Review Board (IRB) for a test involving biometrics.  An IRB is an ethics board that approves and monitors research involving human subjects &#8211; think of drug trials for the Food and Drug Administration.  In fact when our Government customer first asked us to go before an IRB I replied, “Why?  I am not putting shampoo in anyone’s eyes.”  However, since we were collecting biometrics from human subjects we were required to speak to an IRB about how we intended to protect the subjects’ information from data leakage.</p>
<p>Aside from the mountain of paperwork, the process was fairly painless and we were deemed exempt based on the type of data we were collecting, the level of security we maintain at our offices, and our ability to maintain subject anonymity.  While I agree with the type of data and cybersecurity controls being a basis for exemption, past studies have raised doubts about the ability to protect anonymity in machine learning.</p>
<p>For instance, in 2006, researchers from the University of Texas at Austin were able to <a href="https://www.wired.com/2007/12/why-anonymous-data-sometimes-isnt/">identify Netflix users</a> by matching a database of anonymous users’ movie preferences with users who publicly entered movie rankings on IMDb.  Anonymity was challenged again in 2013 when a Harvard professor <a href="https://www.forbes.com/sites/adamtanner/2013/04/25/harvard-professor-re-identifies-anonymous-volunteers-in-dna-study/">identified 40%</a> of a sample of anonymous participants in the Personal Genome Project.  While both studies relied on a secondary dataset, which may not always be available, they did show that it is possible to identify subjects in anonymous databases.</p>
<p>To protect anonymity in machine learning, researchers have been working on a new technique called Differential Privacy.  Differential Privacy allows machine learning algorithms to arrive at the same conclusion whether or not a subject is included in the input data set.  To explain it we will use the classic example of a pollster asking a subject which political party they voted for.  If the pollster collected other data, which can be cross-referenced to a public database, it is possible to identify the subject and their voting history.  To institute Differential Privacy we would instead ask the subject to flip a coin and, based on the result, either tell the truth or lie about who they voted for.  Using statistics it is possible to extract the ‘noise’ of the coin flip.</p>
<p>In short, Differential Privacy is the controlled injection of noise into a data sample to provide a subject with the ability to plausibly deny that they gave a specific response.</p>
<p>Differential Privacy is still in its infancy, and requires a larger data set in order to overcome the injected noise, but it is currently the most promising option we have to protect anonymity in machine learning. If you would like to learn more about Differential Privacy I would suggest starting with this <a href="https://twimlai.com/twiml-talk-132-differential-privacy-theory-practice-with-aaron-roth/">episode</a> from the podcast This Week in Machine Learning &amp; AI.</p>
<p>Eric Sharret is Vice President of Business Development at <a href="http://www.telegrid.com">TELEGRID</a>.  TELEGRID has unique expertise in secure authentication, PKI, Multi-Factor Authentication, and secure embedded systems.</p>
<p>Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc.  The Company will not be held liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use.  All information is provided on an as-is basis.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Forged Passports, CBP and Digital Signatures</title>
		<link>https://telegrid.com/forged-passports-cbp-digital-signatures?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=forged-passports-cbp-digital-signatures</link>
		
		<dc:creator><![CDATA[Eric Sharret]]></dc:creator>
		<pubDate>Thu, 01 Mar 2018 16:20:40 +0000</pubDate>
				<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://telegrid.com/?p=1605</guid>

					<description><![CDATA[<p>Last week Senators Ron Wyden and Claire McCaskill released a letter demanding that US Customs and Border Patrol (CBP) close a critical gap in our nation’s border security.  The gap is not related to the &#8230;</p>
<p>The post <a rel="nofollow" href="https://telegrid.com/forged-passports-cbp-digital-signatures">Forged Passports, CBP and Digital Signatures</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Last week Senators Ron Wyden and Claire McCaskill released a <a href="https://www.wyden.senate.gov/imo/media/doc/wyden-mccaskill-epassport-security-letter-to-cbp.pdf">letter</a> demanding that US Customs and Border Patrol (CBP) close a critical gap in our nation’s border security.  The gap is not related to the border wall or drug submarines, but that we are not checking digital signatures on e-Passports.  Even though it sounds like an obscure cybersecurity issue, the fact that CBP is not checking digital signatures is a big deal.  This gap, if exploited, could allow bad guys to access the United States with forged passports.</p>
<p>As any James Bond fan knows, forged passports are a problem.  For example, a recent Reuters <a href="https://www.reuters.com/article/us-northkorea-kim-passports-exclusive/exclusive-north-korean-leaders-used-brazilian-passports-to-apply-for-western-visas-sources-idUSKCN1GB2AY">article</a> detailed how Kim Jong-il and Kim Jong-un of North Korea allegedly used a Brazilian passport to obtain visas from foreign countries.  To combat this threat e-Passports were developed over a decade ago and since 2015 the US has required them from countries on the visa-waiver list.</p>
<p>e-Passports include a chip containing electronic information that matches the physical information on a passport.  To prevent forged passports, the information on this chip is digitally signed by the issuing country’s Certificate Authority (CA).</p>
<p>The digital signing process involves hashing the electronic passport data and then encrypting that hash with the CA’s private key.  Software then decrypts the signature with the CA’s public key and compares the result to its own hash of the passport data.  The only way these two values would match is if the signature was created from a matching public-private key pair.  For more information on how digital signatures work watch our <a href="https://telegrid.com/identity-management-videos">video tutorial on Public Key Infrastructure (PKI)</a>.</p>
<p>Even though CBP is checking that the electronic and physical information match, there is no way to guarantee that both are not fake if the digital signature is not verified.  This leaves our border open to forged passports.</p>
<p>In a 2010 <a href="https://www.gao.gov/assets/310/300986.pdf">report</a> the Government Accountability Office (GAO) gave the two main reasons why CBP is not checking digital signatures.</p>
<p>1) “A database needs to be established and populated with the digital certificates needed to fully validate the digital signatures that can be accessed by CBP inspection workstations at the ports of entry.”</p>
<p>2) “CBP needs to develop and implement functionality on its inspection workstations to access the database.”</p>
<p>The first issue could be resolved by accessing the ICAO Public Key Directory (PKD) and downloading the CA certificates.  The International Civil Aviation Organization (ICAO) specifically created the PKD as a central repository for countries to exchange information required to validate e-Passports.</p>
<p>The second issue I do not believe is a question of a software upgrade since checking digital signatures is a standard process.  Rather, I believe it is the time to access the certificate database and perform revocation checking.  This is similar to the issue the retail sector had when chip-based credit cards were introduced.  Considering how many people CBP has to clear each day I understand the concern.  However, there are solutions available.  To speed up revocation checking CBP can create local CRLs or OCSP responders that are updated daily.  This is similar to the approach the US Army takes with revocation checking on its tactical networks.</p>
<p>At the end of the day, these are not difficult problems and I expect CBP to solve them quickly &#8211; most likely by contacting <a href="https://telegrid.com/contact-us">TELEGRID</a> (hint, hint).</p>
<p>Eric Sharret is Vice President of Business Development at <a href="http://www.telegrid.com">TELEGRID</a>.  TELEGRID has unique expertise in secure authentication, PKI, Multi-Factor Authentication, and secure embedded systems.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Mental Hypervisors and Hardware Cybersecurity</title>
		<link>https://telegrid.com/mental-hypervisors?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=mental-hypervisors</link>
		
		<dc:creator><![CDATA[Eric Sharret]]></dc:creator>
		<pubDate>Mon, 17 Apr 2017 13:31:26 +0000</pubDate>
				<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">http://telegrid.com/?p=1088</guid>

					<description><![CDATA[<p>Forbes Magazine had an interesting article last month about security vulnerabilities in home security products from SimpliSafe, Samsung, Comcast and others.  The author highlighted the usual vulnerabilities including default passwords and unencrypted signaling, but, there &#8230;</p>
<p>The post <a rel="nofollow" href="https://telegrid.com/mental-hypervisors">Mental Hypervisors and Hardware Cybersecurity</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Forbes Magazine had an interesting <a href="https://www.forbes.com/sites/thomasbrewster/2016/02/17/hacking-smart-security-alarms/#5a681c9d1b77">article</a> last month about security vulnerabilities in home security products from SimpliSafe, Samsung, Comcast and others.  The author highlighted the usual vulnerabilities including default passwords and unencrypted signaling, but, there was one quote that I found particularly interesting.</p>
<p>When quoting the security expert Dr Andrew Zonenberg the author <a href="https://www.forbes.com/sites/thomasbrewster/2016/02/17/simplisafe-alarm-attacks/#22ee0923b002">wrote</a> “SimpliSafe has also installed a one-time programmable chip in its alarm, meaning there&#8217;s no chance of an over-the-air update. It means there&#8217;s no patch coming, leaving all owners without a remedy other than to stop using the equipment, Zonenberg said.”</p>
<p>A one-time programmable chip? Meaning you ship the product and hope that you never have an issue!  Can you imagine designing a system that could never be fixed?  Where would Microsoft or Apple be if they could not send security updates to their customers?  It seems SimpliSafe has learned their lesson and will soon be releasing hardware that allows over-the-air firmware updates.</p>
<p>I believe we can learn two lessons from this story.</p>
<p>1) There is a hardware talent gap.  Our reliance on cloud and application development has created a shortage of good hardware and embedded software engineers.  The essence of virtualization is the separation of physical hardware from the operating system.  It seems some engineers have developed mental hypervisors and no longer understand the dependence of software on the underlying hardware.</p>
<p>When designing a new product, even a purely software product, I would recommend hiring a few electrical engineers.  They will be able to explain how keys should be stored in a TrustZone or how a Trusted Platform Module can enhance software security through attestation.  Even if they end up performing tasks similar to software engineers their skill set is imperative for the future security of your products.</p>
<p>2) As Benjamin Franklin said, “If you fail to plan you are planning to fail.”  Most companies’ product design and development process begins with generating a Technical Requirements Document (TRD) and an Operational Requirements Document (ORD).  At TELEGRID we add another document, the Security Requirements Document (SRD).  The SRD is developed by our Cybersecurity Subject Matter Experts (SMEs) and is based on NIST requirements and DISA Security Technical Implementation Guides (STIGs).  It is a forward looking security document to ensure product flexibility.  It helps engineers view the product from a different perspective and identify future security threats.</p>
<p>We need to remember that cybersecurity is a game of cat and mouse.  We must break our mental hypervisors to ensure the future security of both our product’s software and its hardware.</p>
<p>Eric Sharret is Vice President of Business Development at <a href="http://www.telegrid.com">TELEGRID</a>.  TELEGRID has unique expertise in secure embedded systems, secure authentication, PKI, and Multi-Factor Authentication (MFA).</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Credential Stuffing – Just Like Grandma Used to Make</title>
		<link>https://telegrid.com/credential-stuffing?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=credential-stuffing</link>
		
		<dc:creator><![CDATA[Eric Sharret]]></dc:creator>
		<pubDate>Thu, 16 Feb 2017 16:21:07 +0000</pubDate>
				<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">http://telegrid.com/?p=995</guid>

					<description><![CDATA[<p>Every once in a while I read an interesting cybersecurity study that I feel deserves its own blog post.  It usually describes a successful cyber-attack that exist at the intersection of three things: organizational ambivalence, &#8230;</p>
<p>The post <a rel="nofollow" href="https://telegrid.com/credential-stuffing">Credential Stuffing – Just Like Grandma Used to Make</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Every once in a while I read an interesting cybersecurity study that I feel deserves its own blog post.  It usually describes a successful cyber-attack that exists at the intersection of three things: organizational ambivalence, botnet technology and the human element.  The reason why I find this type of attack so interesting is that it often affects unsuspecting organizations, can scale very quickly, and its resolution requires an impossible change in human nature.  The specific study I would like to focus on here was made by Shape Security and is detailed in the <a href="http://info.shapesecurity.com/2017-Credential-Spill-Report-Thankyou.html">2017 Credential Spill Report</a>.  It is focused on Credential Stuffing – a method of cyber-attack based on the proven belief that people always reuse their “favorite” passwords to access different network resources. If you steal this “favorite” password you could, using Credential Stuffing, access high value network resources like an online banking account.  Automating the process using a botnet makes this method of attack a serious concern.</p>
<p>According to the study over 3 billion (that’s billion with a B) credentials were stolen in 2016 alone and Credential Stuffing is responsible for “more than 90% of login traffic on many of the world’s largest websites and mobile applications.”  Additionally, according to the study, Credential Stuffing had “up to a 2% success rate in taking over accounts on systems that did not report public data breaches.”</p>
<p>90% of login traffic with a 2% success rate…that is scary!  The reason why Credential Stuffing is so effective is because, as mentioned previously, it takes advantage of organizational ambivalence, botnet technology and human nature.  Let’s look at each of these elements.</p>
<p><u>Organizational Ambivalence</u> – Most organizations do not view Credential Stuffing as a traditional cyber-attack.  Indeed the Shape Security report states that these attacks happened “on systems that did not report public data breaches.”  The logic here is that since the credentials were stolen from another site and an organization cannot control a user’s password, organizations are not responsible.</p>
<p><u>Botnet Technology</u> – A botnet is a network of compromised computers organized by a perpetrator to perform a specific cyber-attack.  Add to a botnet the Sentry MBA software, which is the Credential Stuffing attack tool of choice, and you have a cheap and easy automated Credential Stuffing attack tool.  Using a botnet also allows perpetrators to evade typical Credential Stuffing defenses like IP blacklists.</p>
<p><a href="http://telegrid.com/2016/02/cybersecurity-and-the-human-element/">Human Element</a> – This is always the most difficult aspect of cybersecurity.  Memorizing multiple passwords is frustrating and is the main reason for password reuse.  Indeed Credential Stuffing relies on the fact that roughly <a href="http://telegrid.com/2016/06/is-your-password-worth-10/">60% of people reuse passwords</a>.</p>
<p>There is no reason to believe that password reuse will disappear and that is why the only way to resolve Credential Stuffing is at the organizational level.  According to the Draft Special Publication <a href="https://pages.nist.gov/800-63-3/sp800-63b.html#memorized-secret-verifiers">800-63B</a> Digital Identity Guidelines, NIST is now recommending that organizations check a user’s password against a list of stolen passwords and provide alternates if the user’s password is on the list.  How long before the recommendation becomes a requirement?</p>
<p>The Open Web Application Security Project (OWASP) has issued a Credential Stuffing <a href="https://www.owasp.org/index.php/Credential_Stuffing_Prevention_Cheat_Sheet">cheat sheet</a> which lists 5 ways to protect your organization.  Some, like Multi-Factor Authentication (MFA), require a large network redesign effort or the implementation of a simple Single Sign-On solution like the TELEGRID <a href="http://telegrid.com/privileged-access-management/">SMRTe</a>.  Others, like requiring a multi-step login process or disallowing email addresses as user IDs, can be implemented today with very little effort.  Every organization should review the OWASP cheat sheet or they might be the next target of a Credential Stuffing cyber-attack.</p>
<p>Eric Sharret is Vice President of Business Development at <a href="http://www.telegrid.com">TELEGRID</a>.  TELEGRID has unique expertise in secure embedded systems, secure authentication, PKI, and Multi-Factor Authentication (MFA).</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>The Rise of the CISO and Cybersecurity Tool Development</title>
		<link>https://telegrid.com/rise-ciso-means-cybersecurity-developers?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=rise-ciso-means-cybersecurity-developers</link>
		
		<dc:creator><![CDATA[Eric Sharret]]></dc:creator>
		<pubDate>Fri, 14 Oct 2016 17:45:18 +0000</pubDate>
				<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">http://telegrid.com/?p=773</guid>

					<description><![CDATA[<p>PwC released its Global State of Information Security® Survey 2017 which is based on responses of 10,000 C-level executives from over 133 countries.  In the results PwC found that “59% of survey respondents say they &#8230;</p>
<p>The post <a rel="nofollow" href="https://telegrid.com/rise-ciso-means-cybersecurity-developers">The Rise of the CISO and Cybersecurity Tool Development</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>PwC released its Global State of Information Security® <a href="http://www.pwc.com/gx/en/issues/cyber-security/information-security-survey.html">Survey</a> 2017 which is based on responses of 10,000 C-level executives from over 133 countries.  In the results PwC found that “59% of survey respondents say they are boosting their spending on security as a result of digitization.”  Hidden within the survey is the growing importance of the Chief Information Security Officer (CISO) and also what it means for developers of cybersecurity tools.</p>
<p>David Burg, PwC’s U.S. and global leader of cybersecurity and privacy, put it best in an <a href="http://www.cio.com/article/3128814/security/why-cybersecurity-spending-will-drive-business-digitization.html?utm_content=buffere83d2&amp;utm_medium=social&amp;utm_source=linkedin.com&amp;utm_campaign=buffer">interview</a> with Clint Boulton of CIO.com.  “What&#8217;s becoming clear is that senior execs &#8212; CEOs, marketing chiefs and others who worry about digital &#8212; are turning to CISOs and saying, OK how do I solve this? … It&#8217;s an important pivot. To remain competitive, organizations today must make a budgetary commitment to the integration of cybersecurity with digitization from the outset.”</p>
<p>At the New York Metro Joint Cyber Security Conference, a panelist made an interesting analogy between the rise of the CISO and the historic rise of Human Resources.  He said that if you followed the development of organizational charts from the early 1900s to today you would see the Human Resources department moving from the bottom of the organizational chart all the way up to the C-Suite.  He predicts that the same is happening, and will continue to happen, to the CISO position.</p>
<p>So what does this mean for developers of cybersecurity tools?</p>
<p>The rise of the CISO presents cybersecurity developers with a unique opportunity.  As cybersecurity planning moves earlier in the product development cycle, cybersecurity developers will be able to design their solutions as development tools, not bolt-on solutions.  Part of this effort includes reusing existing systems rather than reinventing the wheel.  For instance, in the past it might have been necessary to give administrators another database to manage, but now developers will be able to use existing protocols and communicate with existing databases.  This is a huge benefit and is something TELEGRID has already taken advantage of with its <a href="http://telegrid.com/privileged-access-management/">Privileged Access Management System</a>.</p>
<p>If cybersecurity experts are engaged earlier in the development lifecycle, we can design solutions the way they are supposed to be.  As a company of engineers, <a href="http://telegrid.com/">TELEGRID</a> knows that having a seat at the table early in the design process is very important.</p>
<p>Eric Sharret is Vice President of Business Development at <a href="http://www.telegrid.com/">TELEGRID</a>.  TELEGRID has unique expertise in secure authentication, PKI and Multi-Factor Authentication (MFA).</p>
]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>
